Over the weekend, users registered with Kickstarter received an email with an ominous subject line: “Important Kickstart Security Notice.”

The email officially confirmed that last Wednesday, hackers infiltrated Kickstarter and gained access to customer data. The popular crowdfunding platform said it took immediate steps to close the security breach and strengthen security measures.

Though Kickstarter said no credit card data was accessed, the hackers did get their hands on usernames, email addresses, mailing addresses, phone numbers and encrypted passwords.

The hackers couldn’t get the actual passwords, but Kickstarter warned that a malicious hacker could crack weak or obvious passwords (which studies show are the majority of passwords used online).

“As a precaution, we strongly recommend that you change the password of your Kickstarter account, and other accounts where you use this password,” Kickstarter CEO Yancey Strickler said in the email and corresponding blog post. If users used the same password on other sites, Strickler advised changing those as well.

“We’re incredibly sorry that this happened,” Strickler said. “We set a very high bar for how we serve our community, and this incident is frustrating and upsetting.”

Users who login to Kickstarter via Facebook should be safe. The company said it reset all Facebook login credentials, and users simply need to reconnect.

The hackers have not been identified yet, and Kickstarter said it is working with law enforcement to further investigate the claim and prevent future incidents.