The crowdfunding website Kickstarter said on February 15 it had been hacked and that user names, encrypted passwords and other data had been accessed.
Kickstarter said it was informed of the hack last week by law enforcement officials and that it had now closed the breach and strengthened its security.
"Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one," CEO Yancey Strickler said told users.
The data accessed also included email addresses, mailing addresses and phone numbers, Strickler wrote. No credit card data was accessed, he said.
"There is no evidence of unauthorized activity of any kind on your account," Strickler said.
Users are advised to change the password on their account, and on any other accounts where they use the same passwords.
Kickstarter is a site where people can make donations to fund projects. It doesn't store full credit card information on its website, only the last four digits, and those numbers were not accessed by the hackers, the company said.
Though Kickstarter was notified of the breach on February 12, it waited to tell customers until after the investigation was complete, the notice said.
Facebook user names and logins were not compromised for those who use that log-in system to get on Kickstarter, according to the notice.