Patreon Hacked: a few User Information Compromised
Luckily, Conte says the most sensitive user data, like “passwords, social security numbers, and tax form information” was encrypted and should be safe, and Patreon doesn’t store full credit card data, so the damage should be minimal.
According to the Patreon statement on the incident, the company’s CEO and co-founder Jack Conte has said that it took place on 28 September and allowed the hackers access to registered names, email addresses, posts, and a few shipping addresses. You can support writers, comedians, dancers, cartoonists, and more on a monthly or per-project basis. This server included a snapshot of Patreon’s production database, but attackers did not actually access Patreon’s production servers.
While Patreon uses a hashing algorithm called “bcrypt” that’s normally tough to crack, identity thieves could use vulnerabilities in the source code to help them decrypt passwords associated with your email addresses.
Conte, in the note, says the company “is now conducting a rigorous investigation” of its systems. The company will also hire a third party security firm to do an audit and “will be implementing new tools and practices to ensure industry-leading security for our users and their data”. Passwords were also encrypted but it’s still recommended you change them as soon as possible.
Who’s behind the attack?
In 2011, Valve Corporation’s video game distribution service Steam was hacked, potentially exposing credit card information; in 2013, Twitter, Inc. was hacked, exposing 250,000 usernames and passwords; in 2015 the forums of Epic Games, Inc., developer of first person shooter games, was also hacked exposing the names and dates of birth of users. (Yes, I know you do it.) For the rest of us, it’s another depressing reminder that even the nicest, non-adultering websites can – and d0 – get hacked.