Crowdfunding site Patreon has reported that its servers were breached and that someone accessed its stored email addresses. This was followed by a massive data dump claiming to be information stolen from Patreon’s servers; the data includes user names, password data, donation records, and even source code.
Patreon is a crowdfunding site that allows subscribers to donate to content creators. Unlike other platforms like Kickstarter or Indiegogo, these donations can be set up as recurring monthly payments. In return, the subscribers get access to a variety of additional content provided by the creators.
Nobody has officially confirmed that the 15GB data dump is real, but several Patreon users have reported finding their email addresses on the list. Fortunately, the stored passwords have been encrypted with a 2048-bit RSA key. This should make it a whole lot harder for hackers to decrypt the passwords for their own use, but it does not mean that decryption is impossible.
This is the second high-profile security breach in the last few months. Cheating site Ashley Madison was hacked not too long ago; the biggest revelation wasn’t so much the names of the people who were using the site as it was the fact that most of the women there were bots and fake accounts. The Ashley Madison hack was purportedly motivated by altruistic hackers who wanted to shut the site down; however, the attackers behind the recent Patreon breach have not revealed themselves.
Patreon subscribers should take precautions and change their account passwords, as well as the passwords of any other accounts that share the same password. Proper security precautions should mean that no two accounts share the same password, but internet users rarely stick to this rule.