Members of the rewards-based crowdfunding site Kickstarter received an email on Saturday informing them of a security breach and strongly recommending that they change their passwords.
“We’re incredibly sorry that this happened,” said the email sent to members, as well as a blog posting on the organization’s website. “We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.”
The breach did not jeopardize any credit card or financial information, but did include the user passwords for the site along with some other personal information. The email urged users to change their passwords for the site as well as any other place the same password may have been used.
Authorities informed Kickstarter of the breach on Wednesday night, but the company waited until the conclusion of the investigation of the breach before informing their members about what had happened. While no financial information was released, the ability to access personal information in addition to email addresses could open up the potential for these hackers to construct more specific, targeted phishing emails that attempt to extract more pertinent information.
This most-recent hacking revelation comes on the heels of broader hacks of retailers. Target (TGT) and Neiman Marcus had been the victims of broad hacking operations that stole credit card information from millions of customers. These events have brought concerns about online safety to the forefront.
The Brooklyn-based Kickstarter was one of the more popular crowdfunding platforms, using social media to publicize campaigns that have raised over $850 million. Now, the timing of this hack has to be of some concern for those in the burgeoning crowdfunding industry. As new equity and debt-based crowdfunding sites start to take off, the budding industry needs to establish a reputation for safety and legitimacy in order to attract the large audience of retail investors it’s hoping for.
Whether the Kickstarter hack has any real relevance to the rest of the crowdfunding industry, its public nature has to be viewed as a potential negative. Lumping Kickstarter’s low-donation/rewards-based model in with the rest of the industry is most likely unfair, but, for the time being, the site remains one of the most prominent and recognizable names in crowdfunding (which would also have to be considered a potential factor in why it became a target for hackers).
Investor confidence in the safety of crowdfunding platforms is likely to be key to the industry's growth, and this very public failure could ultimately play a role in that. On the one hand, Kickstarter's issues may drive some potential investors away from all crowdfunding options. On the other, this sort of early public failure might help focus attention on security and ultimately benefit the still-growing equity and debt-based options. Only time will tell, but the issue of cyber security has clearly been inserted into the conversation for the time being.