Online crowdfunding website Kickstarter has confirmed Australian user data was breached in a hacking attack last week.
Hackers accessed usernames, email addresses, phone numbers and passwords, but no credit card information, co-founder Yancey Strickler revealed in a blog post on Sunday.
The passwords are encrypted, but weak or obvious ones are at risk of being cracked, he said, adding that two accounts have had unauthorised transactions.
Kickstarter spokesman Justin Kazmark confirmed to AAP that the account information of some Australian users had been breached.
"Australian users should create a new password," he said.
Kickstarter first learned about the breach on Wednesday from law enforcement officials and moved quickly to fix it.
The US-based company, which lets people raise money from backers for creative projects, says it is now strengthening security measures.
It began accepting Australian-based project pitches in November, but Australians have been backing projects on the site for several years. The company stores the expiry dates and last four digits of credit cards, but only for pledges to projects outside of the US.
