Crowdfunding website Patreon recently announced that its servers were breached and user data was accessed and stolen by hackers. Now, the data has been dumped online by the data thieves. The hacking group has released nearly 15 gigabytes of data, including passwords, donation records and other user information. The hackers have even released the source code of the crowdfunding website.
Security researcher Troy Hunt downloaded a copy of the hacked data provided online and confirmed that there is a high likelihood that the data comes from Patreon servers. The breach seems more damaging to the users, as the hackers were able to collect almost all the data stored on Patreon servers. The release of the source code of the Patreon crowdfunding platform suggests that the security features employed by Patreon management were not enough.
The data has been posted in many places online, but it wasn’t verified in the earlier reports. The complete source code release suggests that the data wasn’t taken only through SQL injection, but that the hackers had access to the server itself, enough even to steal the source code of the website.
Patreon’s CEO Jack Conte has suggested that users should change their passwords. All the activity of Patreon users is now public.
According to Patreon developers, they used the bcrypt algorithm to encrypt password information. However, in last month’s cracking of Ashley Madison password data by a hacking group, the bcrypt algorithm was decoded and millions of the passwords were cracked.
According to a report published on Ars Technica, security expert Troy Hunt has parsed some of the records and found 2.3 million unique email addresses.
According to an update shared by Hunt on Twitter, “Obviously all the campaigns, supporters and pledges are there too. You can determine how much those using Patreon are making. The dollar figure for the Patreon campaigns isn’t the issue, it’s supporters identities, messages, etc. Everything private now public.”
According to a report published in Business Insider, “Patreon breach is less immediately compromising for the users affected by it – no-one is likely to try and blackmail them over the fact they had an account, as was the case with Ashley Madison. But it still constitutes a massive violation of privacy, and the data is highly likely to be cross-referenced with other stolen data-sets and used in scamming and identity theft attempts.”
As October is data security month, we have noticed three hack reports in the current month. 15 million T-Mobile customers’ records were breached, as per Experian. Patreon has been hacked. Scottrade said on Friday that 4.6 million user records were accessed by data thieves.