The company put special emphasis in that no credit card information had been compromised as full credit card numbers are not stored on the servers and no credit card numbers were accessed.
Advertisement
Additionally, Patreon’s CEO also claims that his company uses a 2048-bit RSA key to encrypt information about social security numbers, tax form information, and user passwords.
Today, Patreon revealed that it recently suffered a security breach, during which someone gained unauthorized access to one of the site’s databases containing user information.
In a stark contrast to so many breach notices, Patreon leads with an apology: “I am so sorry to our creators and their patrons for this breach of trust”. The operations team at Patreon is working hand in hand with Twitter’s trust and safety team.
The hackers did access registered names, email addresses, posts, and a few shipping addresses, as well as billing addresses added prior to 2014. Still, he recommended that users at least change their Patreon passwords just in case.
How did this happen?
The post explains that the hack occurred on September 28th and the attack surface it took advantage of was a development version of their website visible to the public. It continued, stating its engineering team has blocked the access and “taken immediate measures to prevent future breaches”. The site’s engineers are now investigating their security systems, and they are going to have a third-party security firm conduct an internal audit.
Advertisement
Similar to crowdfunding campaign websites, Patreon allows people to donate money to a few of their favourite online talent or charities, but on a monthly basis rather than as a one-off payment. Due to the popularity of the website it acts as a companion to Kickstarter for keeping artsy projects afloat, and artists can use it to connect to fans by giving those who pay special access, previews, or products as a “thank you” for support.
