Patreon donation site's user data published online after hack
Patreon, the crowdfunding platform for artists, has been hacked recently, and almost 15 gigabytes of data stolen from the site is now available online. Security researcher Troy Hunt of have I been pwned? told Ars Technica that he found 2.3 million email addresses (including his own) in the data dump, along with password and donation records, private messages and even the website's source code. Note that some screenshots of the data dump that surfaced online indicate that part of the data stolen was generated as recently as September 24th.
While Patreon uses a hashing algorithm called "bcrypt" that's normally tough to crack, identity thieves could use vulnerabilities in the source code to help them decrypt passwords associated with your email addresses. Ars says that's what hackers did to decode the sensitive info they took from Ashley Madison, the cheaters' dating website that was revealed to have very few female users. To protect yourself, make sure to change the password not just for your Patreon account, but also for your email and for any other website where you used the same details.
@troyhunt dm me if you want the @Patreon dump :) pic.twitter.com/C19XseLEmn
— amlolz (@amlolzz) October 1, 2015
The dollar figure for the Patreon campaigns isn't the issue, it's supporters identities, messages, etc. Everything private now public.
— Troy Hunt (@troyhunt) October 2, 2015
[Image credit: Getty Images/iStockphoto]
