Crowdfunding Website Patreon Hacked
Patreon, an internet patronage website that helps finance creative professionals with recurring payments, has confirmed an incident of unauthorized access, on September 28, to a Patreon database containing its users’ information.
Popular crowdfunding platform Patreon is the victim of a data breach that exposed its users’ information to malicious hackers. The company confirmed that no credit card details were compromised since they weren’t stored on the website, according to a security notice posted on the website.
Jack Conte, CEO and a co-founder of Patreon, said:
“Yesterday I learned that there was unauthorized access to a Patreon database containing user information. Our engineering team has since blocked this access and taken immediate measures to prevent future breaches.”
In marked contrast to most statements released by companies suffering a data breach, the CEO apologized to his users.
“I am so sorry to our creators and their patrons for this breach of trust. The Patreon team and I are working especially hard right now to ensure the safety of the community.”
The breach targeted a publicly accessible debug version of the website, which was shut down soon after the unauthorized access was discovered. All non-production servers were then moved behind the company’s firewall.
The unauthorized access to the database extended to users’ information such as:
- Registered names
- Posts on the website
- Email addresses
- Shipping addresses
- Billing addresses that were entered into users’ accounts before 2014.
Conte assured users that no “full credit card numbers” were stored on the company servers. Additionally, 2048-bit RSA key encryption helped safeguard breached data such as:
- Tax form information
- Social security numbers
Conte further confirmed that all private keys and API keys granted to third-party applications and services have been reset as a precautionary measure. All users’ passwords were protected with the non-reversible ‘bcrypt’ hashing scheme, so the stored hashes cannot simply be decrypted back into passwords.
Patreon is currently using the services of an outside security firm to conduct a “comprehensive internal security audit” and has confirmed that new security tools and practices will be implemented to “ensure industry-leading security” for all Patreon users and their data.