In a blog post, Patreon CEO and co-founder Jack Conte said a Patreon database containing user information had been compromised, leading to unauthorized access to data including registered names, email addresses, posts, and a few shipping addresses in addition to a number of billing addresses stored prior to 2014. “The Patreon team is working especially hard right now to ensure the safety of the community”.
Advertisement
Credit cards were not compromised because the company doesn’t hold those numbers in its database and, Mr. Conte continues, and, though hackers attempted to get to passwords, they were encrypted.
Patreon, a rewards-based crowdfunding platform that focuses on musicians and other content creators has been hacked.
On Thursday, crowdfunding artist patron and support service Patreon informed customers that a data breach had taken place.
In an email to users, Patreon were open and honest about the attack and assured users that their sensitive information, such as credit cards and passwords were safe, however information such as names, addresses, and in a few cases, social security numbers, had been accessed in the attack.
Patreon has launched several high-profile rewards campaigns, including Amanda Palmer. Still, the company rightly suggests that now would be a good time for users to change their passwords. Engineering teams verified that no unauthorized access to production occurred by checking access logs. Nevertheless, private keys and API keys have been changed as a precaution as well. You might want to take a few precautions with your account, but no one is going to steal your identity only to find that it’s financially useless due to your crushing student loan debt. Bcrypt is non-reversible, so passwords can not be “decrypted”.
According to the security advisory, Patreon’s engineering team immediately took action to make access to the affected server impossible and is now conducting a rigorous investigation into how the compromise happened.
Advertisement
“We are in close touch with law enforcement to minimize risk to our users and we have engaged a third party security firm to inform our response”, Conte’s statement continues.
