Crowdfunding website Kickstarter last night confirmed that it had been hacked and that some of its customers' personal details had been stolen.
No credit card data was taken in the attack but hackers did make off with usernames, email addresses, mailing addresses, phone numbers and encrypted passwords, the company revealed in a blog post.
Although actual passwords were not revealed, Kickstarter said that a "malicious person with enough computing power" could crack an encrypted password, and so it "strongly recommended" that all users create a new password for their Kickstarter account and any other accounts that use the same password.
The company's CEO, Yancey Strickler, said that it was made aware of the hack on Wednesday night by law enforcement officials.
"Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system," Strickler said.
"We’re incredibly sorry that this happened," he continued. "We set a very high bar for how we serve our community, and this incident is frustrating and upsetting.
"We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again."
Some of the site's users expressed frustration that it had taken Kickstarter three days to make users aware of the attack. One called Ben Pierce wrote on Twitter: "So @kickstarter was informed Wednesday night that they were hacked and then they wait 3 days to tell users?! WTF?"
Kickstarter provided only a brief explanation for the three-day wait, saying: "We immediately closed the breach and notified everyone as soon we had thoroughly investigated the situation."
Since Kickstarter's launch, more than 50,000 creative projects and businesses have been successfully funded and $981m has been pledged.