Patreon, the crowdfunding site designed for artists and creators, was recently targeted in a massive cyber attack.
The data breach led to around 15GB of users’ information being stolen by the hackers and leaked online.
The attack on the site was confirmed by Patreon CEO Jack Conte on September 30. According to the executive, the site has already taken the necessary steps to ensure the security of its users.
“Yesterday I learned that there was unauthorized access to a Patreon database containing user information,” he wrote. “Our engineering team has since blocked this access and taken immediate measures to prevent future breaches.”
The Market Business reported that security researcher Troy Hunt said that details of Patreon users were then posted on various online forums. He was able to access these sites and confirmed that the leaked details are authentic.
According to Hunt, the leak includes users’ names, email addresses, shipping addresses and messages sent to other users. After going to the released details, he found a total of 2.3 real email addresses including his own, Ars Technica has learned.
Despite the data breach, Conte assured users that credit card details were not stolen during the cyber attack.
He also noted that although other details such as passwords, tax form information and social security numbers, were accessed, these are safely encrypted. However, as a precaution, the executive strongly suggests that users should change their passwords for the site immediately.
Although the users’ credit card information remain protected, the attack on Patreon is a major violation of privacy since the other personal details of the victims were released to the public.
“Obviously all the campaigns, supporters and pledges are there too,” Hunt tweeted. “You can determine how much those using Patreon are making.”
“The dollar figure for the Patreon campaigns isn’t the issue, it’s supporters’ identities, messages, etc.,” he continued. “Everything private now public.
According to Conte, the attack was carried out by accessing a debug version of the site. From there, the hacker was able to access the site’s database.
Patreon’s investigation regarding the incident is still ongoing. As for who’s responsible for the attack, no suspects have been identified yet. However, an 8Chan user who goes by the name Vince claims to be the hacker behind the data breach.
According to The Market Business, Vince is a board volunteer of the 8Chan community Baphomet, which focuses on the subject of hacking and raiding other websites.