Patreon Hacked; Entire Database Posted Online
10 years ago
In case you missed it, yes, Patreon has been hacked, and unfortunately it’s looking like they pretty much scored everything that was stored in their databases and it has all been posted online. You can read about it here http://observer.com/2015/10/patreon.....c-can-now-see/ , but here’s the gist of it:
• Passwords (encrypted, but there's some buzz going around that they might be decrypted with the source code)
• Private messages
• Email addresses (hence if you use the same password for several accounts, they will know which email address to try it on)
• Who you’ve backed
• Shipping addresses
• Tax Forms (Also supposedly encrypted, but…)
• DMCA Takedowns (for creators that have had them filed against them)
You may want to take some steps to mitigate the damage, but really for the time being that includes changing your password ASAP, and doing so if you use the same one at different locations. And if you’ve been anonymously backing any creators, prepare to have that data publicly available. And supposedly, Patreon does not store complete credit card numbers.
That said, if anyone is still supporting me after this breach, thanks! For the time being, my Patreon page will remain open, but we’ll see what the future holds.
Anything you've inputted into the site or received on the site to that profile could be at risk, however.
It probably wouldn't be a bad idea to change your password at least, no matter the circumstance.
They say the encryption keys were not taken by the hackers, which I'm likely to believe because you don't put the real keys on development servers normally.
I'm still waiting on researchers to delve into what was encrypted vs not, though. If it's all encrypted and the key is safe, e.g. in hardware dongles, then there's not much to worry about. If any of it is not encrypted, well, there'll be a lot more fallout from this.
Still, this does put some fear in many folks like myself and many of the artists who use it as a means of finance.
So I do apologize to any of the Patreon coders. I'm sure they must be stressing and pulling hairs to rectify this. Coding is certainly not a job I want.
Anthem Health Care.
Home Depot.
Experian (Credit reporting).
If they can't do it, Patreon definitely can!
They were using ancient machines and a single infected device pretty much caused the entire outbreak.
I'm just about ready to pack up and jump off the sinking Patreon ship.
Glad I didn't put much on there and already changed my password in case.
Hackers go where they think they'll get either more information, more people angry and more suffering from the data leaks. That's why hackers leaked information from the Adobe website.
It may happen even to the best ones.
Instead of raging and calling stuff 'a sinking ship' (an expression that I've seen a lot in reference to FA too), it's better to be thankful that Patreon users were notified very soon, instead of waiting 'til the news was everywhere just to make a lame statement.
My information and background check info was taken in the gov's OPM breach. Now I've got to worry about my info getting taken again via Patreon.
Fantastic.
Thankfully the gov paid for identity theft protection services for me.
Stay safe, my friends.
This has been a NetSec Panda PSA.
This is why I like donations to individuals a bit more - it was a novel idea but there are dangerous people out there.
I sent the delete account mailer a message, hopefully it goes through. I use a variant of a similar password for everything but I'm not a fan of having my personal information passed out just like anyone else would.
Thanks for letting us know, and linking to a source though.
Not saying that everyone who jars it does that BTW.