If you are a subscriber of Patreon, the crowdfunding site, you better change your password as early as now!
The crowdfunding site has been victimized by hackers with almost 15GB of files leaked online. Information on the wrongfully-accessed files include registered names, email addresses, posts, and a few shipping addresses. In addition, few billing addresses that were added prior to 2014 were also accessed. The alleged database files and source codes were found on file download sites on October 1.
CEO Jack Conte wrote in a statement dated October 1, "Yesterday I learned that there was unauthorized access to the Patreon database containing user information. Our engineering team has since blocked this access and taken immediate measures to prevent future breaches. I am so sorry to our creators and their patrons for this breach of trust. The Patreon team and I are working especially hard right now to ensure the safety of the community."
Conte added, "We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although access, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key. No specific action is required of our users, but as a precaution I recommend that all users update their passwords on Patreon."
Patreon differed itself from the usual crowdfunding websites by allowing users to donate to charities, artists, and causes on a regular basis.
Troy Hunt, a safety researcher, was able to sift the leaked information and discovered about 3 million distinct email addresses including his own. According to him, some of the data leaked included messages sent between users, email addresses, campaigns and their supporters, and more.
Although this incident seems less compromising than some of the hacking incidents in the past such as that of Ashley Madison, it is still a violation of privacy.
The attack has been claimed by a user called "Vince", who is a board volunteer on Baphomet, an 8chan community that focuses on raids on other sites and hacking.
