Crowdfunding site Patreon has been hacked and a huge amount of data has been leaked online
Patreon confirmed the breach in a statement published on Thursday. "Yesterday I learned that there was unauthorized access to a Patreon database containing user information," CEO Jack Conte wrote. "Our engineering team has since blocked this access and taken immediate measures to prevent future breaches. I am so sorry to our creators and their patrons for this breach of trust. The Patreon team and I are working especially hard right now to ensure the safety of the community."
Since then a several-gigabyte file of data apparently exfiltrated from Patreon's systems has been released online and is being shared on forums discussing the hack. Business Insider has not independently verified the leak, but security researcher Troy Hunt has accessed it and says it appears to be legitimate. Another individual Business Insider spoke to who has access to the files also says the dump appears to be authentic.
According to Hunt, the data leaked includes messages sent between users, email addresses, campaigns and their supporters, and more.
Uh oh, looks like the Patreon dump includes messages, some with very personal info.
- Troy Hunt (@troyhunt) October 2, 2015
Obviously all the campaigns, supporters and pledges are there too. You can determine how much those using Patreon are making.
- Troy Hunt (@troyhunt) October 2, 2015
This looks like a complete DB dump of Patreon, the whole works is in there.
- Troy Hunt (@troyhunt) October 2, 2015
The dollar figure for the Patreon campaigns isn't the issue, it's supporters identities, messages, etc. Everything private now public.
- Troy Hunt (@troyhunt) October 2, 2015
Some of these Patreon tables are very large - tens of millions of rows of user activity.
- Troy Hunt (@troyhunt) October 2, 2015
The hack is reminiscent of the widely publicised Ashley Madison hack in August. The extra-marital dating site was targeted by a hacker who released the personal details of tens of millions of customers apparently trying to pursue affairs on the website, as well as the CEO's emails.
In some ways, the Patreon breach is less immediately compromising for the users affected by it - no-one is likely to try and blackmail them over the fact they had an account, as was the case with Ashley Madison. But it still constitutes a massive violation of privacy, and the data is highly likely to be cross-referenced with other stolen data-sets and used in scamming and identity theft attempts.
Who's behind the attack? Right now, Patreon is making any attempts at attribution. But a user called "Vince" is claiming responsibility on 8chan. Vince is a board volunteer on Baphomet, an 8chan community focusing on raids on other sites and hacking. Breitbart reports that Vince has previously at alternate times claimed to support conservative internet movement Gamergate, and hacked sites supporting it.
- Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
- I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
- An Ambani disruption in OTT: At just ₹1 per day, you can now enjoy ad-free content on JioCinema
- In second consecutive week of decline, forex kitty drops $2.28 bn to $640.33 bn
- SBI Life Q4 profit rises 4% to ₹811 crore
- IMD predicts severe heatwave conditions over East, South Peninsular India for next five days
- COVID lockdown-related school disruptions will continue to worsen students’ exam results into the 2030s: study
- India legend Yuvraj Singh named ICC Men's T20 World Cup 2024 ambassador