Kickstarter, the fundraising platform used by millions of people to raise capital for creative projects and businesses, has said hackers gained access to some of its customers’ data but that the breach had been repaired.
User names, email and postal addresses, phone numbers and encrypted passwords were accessed, Kickstarter said on Saturday.
Passwords were not revealed, but people with computer expertise could still decipher encrypted passwords, the organisation said. It recommended users change their Kickstarter passwords and those for other sites or accounts for which they used the same password.
Law enforcement officials informed the organisation of the breach on Wednesday.
Kickstarter’s chief executive officer, Yancey Strickler, said in a blog post about the attack: “No credit card data of any kind was accessed by hackers. There is no evidence of unauthorised activity of any kind on all but two Kickstarter user accounts.” It noted that it does not store credit card data.
Recent data breaches at Target Corp and Neiman Marcus have sparked debate among US politicians and consumers about who should bear the cost of consumer losses and how to improve cybersecurity.
Kickstarter said it had beefed up its security in recent days. It also said it was working with law enforcement officials.
Kickstarter launched in 2009 as a conduit for funding of projects ranging from films and stage shows to video games and restaurant launches. Contributors to a project’s launch are often compensated with rewards, discounts, credits or other offers from the projects they help fund.
Since its launch more than 100,000 projects have been funded, with hundreds of millions of dollars pledged.