Crowdfunding website Kickstarter was hacked on Wednesday night and user information such as usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords were stolen, the company said in a blog on Saturday.
Actual passwords were not revealed, but the company added that a person with sufficient computing acumen could have deciphered weak or obvious passwords.
The blog post noted that no credit card data was accessed as the company does not store full credit card numbers, but only the last four digits of credit card numbers of pledges from outside the U.S.
In its blog post, the company has asked its users to change their passwords on Kickstarter as well as on other websites where the same password was used.
"We set a very high bar for how we serve our community, and this incident is frustrating and upsetting," company CEO Yancey Strickler said in the blog post. "We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again."
It is not immediately known who is behind the hacking, but Kickstarter noted that there was no evidence of unauthorized activity of any kind, but in two Kickstarter user accounts.
Along with the blog post, Kickstarter has added a list of questions and answers in a bid to answer queries from the users concerned.
The CEO also explained why the company waited several days to inform its users that their accounts have been hacked.
"We immediately closed the breach and notified everyone as soon we had thoroughly investigated the situation," the company said.