Aaron Mamiit, Tech Times

Patreon, a crowdfunding platform for artists, suffered a major data breach, with the hackers publishing almost 15GB worth of data affecting millions of users.

Through Patreon, people send in regular donations towards a wesbite, artist or project. Some of these backers, however, now have their information compromised after a hacker was able to infiltrate the debug version of the crowdfunding website.

The compromised data, which has been uploaded to various locations online, has been confirmed as coming from the server of Patreon after undergoing inspection by security researcher Troy Hunt.

Thankfully, according to Patreon, the website does not store complete credit card information of backers on its servers, with no credit card numbers being involved in the data breach. In addition, while passwords, tax form information and social security numbers were accessed, the sensitive information is still protected with 2048-bit RSA key encryption.

Hunt, however, said that the amount and the type of information uploaded by the hackers suggested that the data breach was even more extensive that origianlly thought, with a higher potential of being damaging to the affected users.

"The fact that source code exists ... is interesting [and] suggests much more than just a typical SQL injection attack and points to a broader compromise," Hunt said to tech news website Ars Technica.

After sifting through the data uploaded by the hackers though, Hunt discovered 2.3 million unique e-mail addresses, which means that number of people were affected by the data breach. Hunt also said that the uploaded files contains the whole database that was compromised in the attack, which includes private messages that were sent and received by Patreon users, campaigns, pledges and supporters.

Hunt added that looking through the data, it can be determined how much Patreon is making, though this is actually not the issue. The real problem would be the fact that a lot of private information is now out in the public, including the identities of supporters and their messages.

Patreon users, needless to say, should change their password on the website, in addition to their passwords on other websites that use the same password as the one they used in Patreon. Users should also be prepared for the Internet to find out their activities on the crowdfunding website.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: Patreon Crowdfunding Hacking hackers
Join the Discussion

Related Article