Hackers steal 15GB of Patreon user personal details, but card information stays protected
Online crowdfunding site Patreon has been hit by a major cyber-attack, which saw nearly 15GB of data, including passwords, donation records and other user information, leaked online.
The hackers even released the source code that Patreon’s website runs on, but the site says that user credit card numbers remain safe, as none of this information was stored on its servers.
The data has been posted on several locations online, with Patreon CEO Jack Conte recommending that all users should now change their password.
“Yesterday I learned that there was unauthorised access to a Patreon database containing user information,” Conte wrote in a Patreon blog post.
“Our engineering team has since blocked this access and taken immediate measures to prevent future breaches. I am so sorry to our creators and their patrons for this breach of trust. The Patreon team and I are working especially hard right now to ensure the safety of the community.”
The site, which says it attracts around 16 million views per month, was apparently breached via a test or “debug” version of the site – useful to developers but in this case also visible to the public, said Mr Conte.
The breach was revealed by security researcher Troy Hunt, who said the data published from the hack appears to be genuine, adding that 2.3m email addresses had been stolen, including his own.
“At the very least, it means mapping individuals with the Patreon campaigns they supported,” he told Ars Technica.
In a later update posted on Twitter, Hunt noted that, “Obviously all the campaigns, supporters and pledges are there too. You can determine how much those using Patreon are making. The dollar figure for the Patreon campaigns isn’t the issue, it’s supporters’ identities, messages, etc. Everything private now public.”
Patreon’s misfortune is the second major data breach in less than a week, after mobile operator T-Mobile revealed that the details of 15 million of its users had been stolen, due to a flaw in its data protection services.