Kickstarter has acknowledged that a bug in the site's API recently provided access to information on more than 70,000 projects that hadn't yet been launched.
"The bug was introduced when we launched the API in conjunction with our new homepage on April 24, and was live until it was discovered and fixed on Friday, May 11, at 1:42pm," Kickstarter co-founder Yancey Strickler wrote in a blog post. "The bug made accessible the project description, goal, duration, rewards, video, image, location, category, and user name for unlaunched projects. No account or financial data was made accessible."
"Strickler also noted that only 48 of those unlaunched projects were accessed during the three weeks that the bug was live," writes Daily Dot's Chase Hoffberger. "'Obviously our users' data is incredibly important to us,' he wrote. 'Even though limited information was made accessible through this bug, it is completely unacceptable.'"
"An invasion of privacy in a creative space may be less of a concern than a financial incursion or a medical records breach, but the fact that no one at the company was aware of the security hole for three weeks is disconcerting," notes IEEE Spectrum's Celia Gorman.
"The glitch comes as Kickstarter reached a new record last week. The team behind the Pebble smartwatch sold out of the 85,000 watches it plans to make, and raised more than $10 million to become the most-funded Kickstarter project ever," writes PCMag.com's Chloe Albanesius.
"Launched in 2008, Kickstarter has quickly become the go-to place for artists, game-makers, and technology entrepreneurs to gain funding and exposure for their embryonic ideas," writes Digital Trends' Andrew Couts. "Kickstarter, which takes a 5 percent cut of all funds pledged to successful projects, [raised] nearly $100 million for 27,000 projects last year, and has become something of a household name in the past few months. Kickstarter recently announced that it has raised a total of $200 million over the past three years."