According to the Kickstarter API blog, a bug caused 70,000 unlaunched projects to be publicly visible over the weekend, allowing folks to see goals, funding plans, and descriptions on projects that haven’t yet appeared on the site. Of the 70,000, visitors only viewed 48.
The bug exposed no financial information.
Kickstarter fixed the problem on Friday, May 11 at about 2pm. It had been introduced into site code on April 24.
The best thing? A reporter for the WSJ made his own story by discovering and exploiting the bug after sending Kickstarter a note about the problem.
From the blog post:
Based on our research, the overwhelming majority of the private API access was by a computer programmer/Wall Street Journal reporter who contacted us. Outside of that person’s use, our research shows that a total of 48 unlaunched projects were accessed during the three weeks this bug was live (this number includes a number of views by Kickstarter’s developers working on the API itself).