Crowdfunding site Patreon has been hacked and a huge amount of data has been leaked online
Patreon confirmed the breach in a statement published on Thursday. "Yesterday I learned that there was unauthorized access to a Patreon database containing user information," CEO Jack Conte wrote. "Our engineering team has since blocked this access and taken immediate measures to prevent future breaches. I am so sorry to our creators and their patrons for this breach of trust. The Patreon team and I are working especially hard right now to ensure the safety of the community."Since then a several-gigabyte file of data apparently exfiltrated from Patreon's systems has been released online and is being shared on forums discussing the hack. Business Insider has not independently verified the leak, but security researcher Troy Hunt has accessed it and says it appears to be legitimate. Another individual Business Insider spoke to who has access to the files also says the dump appears to be authentic.
Uh oh, looks like the Patreon dump includes messages, some with very personal info.- Troy Hunt (@troyhunt) October 2, 2015
Obviously all the campaigns, supporters and pledges are there too. You can determine how much those using Patreon are making.- Troy Hunt (@troyhunt) October 2, 2015
This looks like a complete DB dump of Patreon, the whole works is in there.- Troy Hunt (@troyhunt) October 2, 2015
The dollar figure for the Patreon campaigns isn't the issue, it's supporters identities, messages, etc. Everything private now public.- Troy Hunt (@troyhunt) October 2, 2015
Some of these Patreon tables are very large - tens of millions of rows of user activity.- Troy Hunt (@troyhunt) October 2, 2015
The hack is reminiscent of the widely publicised Ashley Madison hack in August. The extra-marital dating site was targeted by a hacker who released the personal details of tens of millions of customers apparently trying to pursue affairs on the website, as well as the CEO's emails.
In some ways, the Patreon breach is less immediately compromising for the users affected by it - no-one is likely to try and blackmail them over the fact they had an account, as was the case with Ashley Madison. But it still constitutes a massive violation of privacy, and the data is highly likely to be cross-referenced with other stolen data-sets and used in scamming and identity theft attempts.Who's behind the attack? Right now, Patreon is making any attempts at attribution. But a user called "Vince" is claiming responsibility on 8chan. Vince is a board volunteer on Baphomet, an 8chan community focusing on raids on other sites and hacking. Breitbart reports that Vince has previously at alternate times claimed to support conservative internet movement Gamergate, and hacked sites supporting it.
- Tech giants Google, Amazon, and Apple back work authorisation in US for spouses of H-1B visa holders
- This new book about saving a forest as big as 178,000 football fields is only partly fictional
- Cyclone Tauktae causes heavy rains in Kerala — coastal areas are badly affected
- How to take screenshot on your Iphone
- How to change theme of your Instagram chat