A Lack of Security / by Alice Hawke

As fellow Kickstarter users know, an email was sent out this morning notifying us of a security breach. They may well be "incredibly sorry that this happened", but it did, and they recommend "that you change the password of your Kickstarter account, and other accounts where you use this password" - how very convenient. For those of us not blessed with eidetic memories, keeping track of passwords is a pain, and even the most computer-savvy among us use the same password across multiple sites for the sake of ease, as a password manager is no good if you don't have the relevant device with you.

But, my main point is, "upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system" does not seem logical to me. It's not just Kickstarter though, it's Adobe, Ubisoft, Sony, Target... the list is endless. It's the same spiel every time - "we were attacked, your password and/or payment details were copied, change your stuff. We're sorry. We've fixed it now". Here's a thought - patch the system before it gets exploited? You know, hire somebody to try and infiltrate it and then fix it, rather than idly sit on your ass with an insecure system and count down the days until you're a large enough target to be attacked and profusely apologize to your userbase.

Yes, ultimate unbreachable security is merely blue-sky thinking, but if these exploits have happened, they were patchable. For the sake of not looking like amateurs, please, big companies, I implore you, fix it before the inevitable happens. Think of all the class action suits you could be avoiding (see here for example).