Crowdfunding Site Patreon Gets Hacked. Personal Data Accessed but No Credit
Full credit card numbers are not saved on Patreon's servers and were not compromised.
“Yesterday I learned that there was unauthorized access to a Patreon database containing user information. Our engineering team has since blocked this access and taken immediate measures to prevent future breaches,” Conte wrote. “I am so sorry to our creators and their patrons for this breach of trust.” “The operations team at Patreon is working hand-in-hand with Twitter’s trust and safety team.”
In a technical write-up Mr. Conte posted on the company’s blog, he admitted to the incident, saying that the hacker managed to gain access to registered names, email addresses, posts, and a few shipping addresses.
Given that email addresses were also in the database, users should be wary of phishing emails that ask them to click on sketchy links and/or provide personal information.
While no one has come forward to take responsibility for the Patreon hack, the website, which has grown to be the lifeblood of many emerging online talents and businesses, is now determining how best to deal with the news that it has suffered such a monumental breach.
Conte clarified that Patreon’s engineering team encrypts all tax information with a 2048-bit RSA key – the key to which lives on a separate server and was not compromised. “We verified our authorization logs on our production servers to ensure that there was not any unauthorized access.”
Patreon also said they would be conducting an investigation of their security systems, as well as hiring a third-party security firm to conduct an internal audit.
Patreon, the crowdfunding platform for artists, has been hacked recently, and nearly 15 gigabytes of data stolen from the site is now available online. The popular website acts as a companion to Kickstarter for keeping artsy projects afloat, and artists can use it to connect with fans by giving those who pay special access, previews, or products as a “thank you” for their support.
“We protect our users’ passwords with a hashing scheme called ‘bcrypt’ and randomly salt each individual password.”