Kickstarter Was Hacked: What It Means for New Backers, Current Backers, and Creators

16 February 2014 | 16 Comments

Update: Here’s a follow-up podcast on this subject with Funding the Dream co-host Richard Bliss.

If you’ve ever backed or created a project on Kickstarter, you should have gotten an e-mail last night from CEO Yancey Strickler that informed you that hackers had gained unauthorized access to some customer data. You can read his message here, and I’d like to go over what it means for you. Here’s the key part of Strickler’s message:

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

New Backers

If you’ve never backed a Kickstarter project, you’re probably not reading this blog. But attracting new backers to Kickstarter is important to creators: when you tell your family that you’re trying to raise $5,000 to make dog costumes for cats (cat costumes for dogs is the first stretch goal), you want them to perceive Kickstarter as a safe place to spend their money.

I don’t think you have to worry too much about that perception. At this point, I think there are two types of people in the world: those who will never use their credit card online (and possibly not in person), and those who will. Even if Kickstarter hadn’t been hacked, you weren’t going to get anyone from that first category to back your project anyway.

Plus, in terms of logistics, if you currently don’t have an account on Kickstarter, then you didn’t have an account to be hacked. So, no worries there.

Impact: Minimal to None

Current Backers

Strickler addresses this in his letter, and when you next log onto Kickstarter, it will prompt you to change your password. It sounds like the hackers might be able to connect your passwords to your name and e-mail, so if you use your Kickstarter password for anything else, now is the time to change it everywhere. Annoying, yes, but sometimes a little spring cleaning can help out in the long run.

My concern is that the hacking would shake the confidence of current backers in the Kickstarter platform as a whole. I’ve posted a poll to this effect at the end of the post.

I reached out to David Chott, creator of the beautifully run, 300% funded campaign for Lagoon (on Kickstarter for another 2 weeks) to see if he had noticed an uptick in cancellations since Kickstarter’s announcement. He said there was nothing out of the ordinary.

Impact: Minimal

Creators

The one area where I see this having a very small impact is that creators might see a slight increase in people requesting to pay using alternative forms of payment like PayPal (or Bitcoin? Will that be a thing soon?). To my knowledge, you are allowed to post a link to PayPal on your Kickstarter project page.

However, I wouldn’t recommend doing this. Closely linked to your project’s success is whether or not potential backers perceive it as successful. So every dollar that doesn’t show up on your pledge total at the top of your Kickstarter page is a dollar that doesn’t aid that perception. Plus, it’s a little harder to keep track of pledges that aren’t made through Kickstarter, so make sure you don’t forget about them.

Impact: Minimal

***

What do you think? Has the hacking changed your perception of Kickstarter?


16 Comments on “Kickstarter Was Hacked: What It Means for New Backers, Current Backers, and Creators”

  1. Little to no impact for me. I use a password manager and nearly all of my passwords are randomly generated strings that even I don’t remember. Took me 5 minutes to change, and no worry about my password to other sites being compromised!

  2. I deactivated my Kickstarter account and am dropping it. Between projects not fulfilling their commitments, and this latest security issue, I’m done with Kickstarter. Sorry Jamie, I backed both of your projects, but I’m done with this platform.

      1. Jamey, you are the gold standard of Kickstarter project creators. I’ve been very impressed with everything about your campaign. Euphoria has the best gaming meeples bar none. The production quality of your games, and your honesty and dialogue with investors is very pleasing to me. Thank you for setting such a fine example. It’s a shame that other creators have caused my frustration, and that Kickstarter has not been more responsible.

        1. Whew. I was worried there for a second (but ready for some constructive criticism). You’re welcome to back Tuscany via PayPal during the Kickstarter campaign if you’d like–you can get in touch with me during the campaign about that.

    1. Phil, I really respect your decision to leave Kickstarter and I agree that projects not coming through on their word is one of the most frustrating things about KS. This is unfortunate and I think many people may leave KS after this last breach. I guess the way I see it though, is that I could get hacked anywhere and at any time. That’s why I always use a credit card instead of my debit card for transactions like these. As long as I am vigilant to keep track of my spending, most credit card companies will foot the bill and pursue justice themselves. Our local grocery store was hacked twice and some of the big name retailers have been hacked multiple times as well over the years. We had some charges come up on credit card, called in about them, and the credit card company removed the charges and pursued the perpetrators. Of course this is an added hassle for us. But I still think you may be making a wise move, just one I am not ready to make yet. For me it may get to the point where I just go totally off the grid :-)

  3. I’ve basically given up on the internet even being vaguely secure…

    At this point, if your data is on a computer, consider it compromised and be done with it…

    I agree with KotW, and KS should have detected this themselves…the fact that they didn’t makes me leery….

  4. I work in IT and there is no such thing as a 100% secure place. I am certain that many sites that I regularly use have been hacked. Only those that actually tell me so, and recommend a change of password are those that are “secure.”

  5. I’ll be watching them very closely from now on and will consider even more carefully whether to continue with them in the future. They had to be informed by law enforcement that they had a breach. That means they lacked any sort of internal controls to alert them to a breach. For a company handling large financial projects, that strikes me as a remarkably big oversight.

    I’m not going to jump ship right now. There are a couple of projects that I’m still backing right now. But once those projects are funded and finished, I’ll be strongly considering getting out.

  6. I’m one of those who logs into Kickstarter by passing through Facebook, so I actually got a different notice. If I understand the IT correctly, FB passes an authentication token to Kickstarter, which Kickstarter has purged, so I’m actually as secure now as I was before. Not sure what the implications of that are, but thought I’d throw some data into the hopper.

© 2020 Stonemaier Games