Crowd-funding site Kickstarter happens to be the latest victim of a cyberattack with hackers making off with valuable user data.
Kickstarter revealed that the data hack on the site took place on Wednesday, February 12, but users can breathe easy as their credit card information is safe. However, the question that has been raised is why Kickstarter took so long to notify users of the security breach?
"On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system," said Kickstarter CEO Yancey Strickler in an official blog post on February 15.
While credit card details of users were not stolen, personal information like usernames, e-mail addresses, postal addresses, phone numbers and encrypted passwords were compromised.
"Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one," per the site.
Moreover, per the company there was "no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts."
However, Kickstarter advises that users exercise caution and, therefore, strongly recommends that they create a completely new password for their Kickstarter account, as well as other accounts where the same password is deployed.
Kickstarter was regretful about the chain of events and issued an apology to its users.
"We're incredibly sorry that this happened," the Kickstarter message says. "We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come."
Kickstarter is investigating the hacking and has also updated its FAQs to provide more clarity to users. If you're a Kickstarter user and think your account may have been compromised, the site recommends password tools like 1Password and LastPass for help with password security.