Patreon Hack: Nearly 14 GB of User Data from Funding Site Dumped Online
The Patreon crowdfunding site has fallen victim to a recent hack in which almost 14 GB of user data were dumped online by the hackers.
In the data dump, the hackers published Patreon user information obtained in the breach, including passwords, source code, and donation records. A security researcher who inspected the dumped data said it most likely came from Patreon and that the breach could be wider than initially thought, according to Ars Technica.
On Wednesday, Patreon chief Jack Conte confirmed that hackers had breached its servers and stolen user data. The hack and data dump suggest that Patreon's security features are not sufficient to protect user data. However, users' social security numbers, tax forms, and credit card information have remained safe because they were not stored on the site's servers, NYC Today reports.
"The fact that source code exists ... is interesting [and] suggests much more than just a typical SQL injection attack and points to a broader compromise," security researcher Troy Hunt told Ars. "At the very least, it means mapping individuals with the Patreon campaigns they supported. There's more data. I'll look closer once the restore is complete."
Hunt also said he was able to browse through the dumped data and found his own email address among 2.3 million others listed there.
In the wake of the Patreon hack and data dump, the funding site's officials said user passwords were hashed with bcrypt. This means it would take hackers a tremendous amount of time to crack the hashes. Still, hackers can speed up the process now that they have the site's source code. This is what happened to the cheating website Ashley Madison last month, the report details.
Patreon subscribers are now advised to change their compromised passwords, not only on the funding site but also on other websites where they use the same password. In addition, the site's users are told to prepare for the possibility that their activities on Patreon will become a permanent part of the Internet record.
Meanwhile, Hunt said the data dump also includes users' private messages, both sent and received. The data can be used to determine the income of Patreon supporters. But the real issue here is the exposure of users' identities and messages to the public eye.