Kickstarter

In February 2014 the crowdfunding giant Kickstarter revealed a security breach after unauthorized individuals gained access to some of its customer data. While no credit card information was stolen the breach exposed sensitive user details including usernames and encrypted passwords. The attackers managed to access the platform by compromising two employee accounts. Although passwords were hashed using SHA1 with salt the age of the hashing algorithm made it vulnerable to cracking attempts. The company advised all users to change their credentials immediately to prevent unauthorized account access.