On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.
The post went on to address the critical issue of credit card data exposure:
No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.
While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.
As a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password.
The same message was also sent out to all Kickstarter account holders by email at the same time as the blog update. As an approach to dealing with a security breach I find Kickstarter's to be far more responsible than Forbes (see my last post for the details of the recent Forbes breach) because unless you're following Forbes on Twitter and or Facebook you'd never know that their site had been attacked and why you can't currently log in.