Important Kickstarter Security Notice

Forum adverts like this one are shown to any user who is not logged in. Join us by filling out a tiny 3 field form and you will get your own, free, dakka user account which gives a good range of benefits to you:

No adverts like this in the forums anymore.
Times and dates in your local timezone.
Full tracking of what you have read so you can skip to your first unread post, easily see what has changed since you last logged in, and easily see what is new at a glance.
Email notifications for threads you want to watch closely.
Being a part of the oldest wargaming community on the net.

If you are already a member then feel free to login now.

**Ruglud**

Just got this email from Kickstarter

Important Kickstarter Security Notice

On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

As a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password.

To change your password, log in to your Kickstarter account and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.

We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.

Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at accountsecurity@kickstarter.com.

Thank you,

Yancey Strickler
Kickstarter CEO

https://www.kickstarter.com/blog/important-kickstarter-security-notice

**bubber**

Thanks for the heads up - just changed my password.
Hopefully this isn't some clever scam that diverted users & gained my info by doing this!!

**Ruglud**

bubber wrote:
Thanks for the heads up - just changed my password.
Hopefully this isn't some clever scam that diverted users & gained my info by doing this!!

I wondered that at first, but there's no clickable link on the email so I had to go via my own bookmark then manually login and change the password... So felt pretty safe that it was above board...

**OrlandotheTechnicoloured**

there's a warning when you access KS now saying change your password

so unless KS itself is under the hackers control it's real

**BrookM**

Odd, didn't get an email, but I did get a notice when I logged in just now. Changed it, just in case.

**Andilus Greatsword**

Yeah, changing now. Bloody hackers...

**OrlandotheTechnicoloured**

I didn't get one initially either, but one just showed up now (about 20mins after I've change my password) so it's probably just going to be slow going getting messages out to every KS account

**Dentry**

It doesn't surprise me as much as it should, but a lot of big companies have gotten hacked like this in the last 5 years or so. I've taken to using unique passwords/emails on all non-throw-away accounts as a result.

**highlord tamburlaine**

I've gotten into a habit of changing mine every few months as it is- I have to make a new password for my gradebook every trimester for the past few years, I try to do them all together in one fell swoop.

**Tannhauser42**

Wonder if the hacker was simply someone ticked off at a project delay?

**Azazelx**

Yeah, no email here but my wife and I just changed out passwords - thanks for the heads-up!

**Leprousy**

Just got this too. They say that no credit card info got leaked, but mine suddenly had fraudulent charges made in Pakistan on Thursday morning. It may not be connected, but the timing is suspicious.

**Joyboozer**

Yes, I also now have a suspicious charge on my card. Somehow I'm making retail purchases at unnamed retailers at odd times for an amount of $100 us.

**MajorTom11**

Ah was just coming in to post that... thanks! Crazy the amount of hacking going on in the US these days... I didn't realize it til recently as I thought it was everywhere but thank goodness all Canadian credit cards have to have a chip by law, no exceptions... we have been a bit safer from this stuff.

**Azazelx**

...and I still don't have an email from those [MOD EDIT - Language.]

**Joyboozer**

Well, you know what they say about Kickstarter and delays.

**Gertjan**

Didn't get an email either, only a notification when I went to the site. Thanks for giving the heads up.

Maybe it was just specific regions that got hit?

**SilverMK2**

I had an email waiting for me when i woke up. Will check my bank to see if i have strange charges as a couple of posters have mentioned.

**BrookM**

Same here, got one well past midnight.

**Ruglud**

Checked my credit card that's linked to my KS account and no unexpected charges appearing so far...

**Breotan**

You link your credit cards to your kickstarter account? Mine is set up to go through Amazon.com. Essentially, every time I bid, I go through a process that requires me to log onto Amazon's site and approve the transaction. Not sure how a hacker could get to that via Kickstarter unless the passwords were the same.

**RiTides**

Finally got an email from there, after hearing about it here and from my family first. Bush league...

**OrlandotheTechnicoloured**

Breotan wrote:
You link your credit cards to your kickstarter account? Mine is set up to go through Amazon.com. Essentially, every time I bid, I go through a process that requires me to log onto Amazon's site and approve the transaction. Not sure how a hacker could get to that via Kickstarter unless the passwords were the same.

US based projects payments go via amazon so if they're are all you've backed you they won't have any of your CC info,

but projects based in other more recently added countries like the UK have you paying KS direct (so they get a cut of that too)

**Cyporiean**

OrlandotheTechnicoloured wrote:

but projects based in other more recently added countries like the UK have you paying KS direct (so they get a cut of that too)

Its not 'direct' just another payment portal that is built into the website rather then external. The fees are pretty much the same, other then UK projects getting VAT added in.

**Platuan4th**

I had one right after I saw this last night.

Then another one 30 minutes after I changed my password sent out by one of the projects I backed because they wanted to make sure everyone saw it in case the Kickstarter e-mail hadn't arrived.

**RiTides**

I had a fraudulent charge yesterday, too! Only checked after seeing this. Man, that is infuriating... KS's email makes it sound like they got nothing, but there are 4 or 5 of us just posting here who saw a fraudulent charge.

Check your card, change your passwords!

**OrlandotheTechnicoloured**

I'd urge anybody who has had a fraudulent charge that might be connected to this to pass the info onto KS (as well as law enforcement) so they can spread the word wider if nessesary

**Krinsath**

RiTides wrote:
I had a fraudulent charge yesterday, too! Only checked after seeing this. Man, that is infuriating... KS's email makes it sound like they got nothing, but there are 4 or 5 of us just posting here who saw a fraudulent charge.

Check your card, change your passwords!

Out of curiosity, did you back any non-US projects? I'm wondering if KS believes they're not storing everything for the CCs used when you back non-US projects when in fact that information is being stored someplace that they're only dimly aware of in their infrastructure. If so, it could be that the data was in turn compromised. It wouldn't be the first time upper management didn't understand their own processes and data layout.