The Patreon website, a popular crowdfunding site used by artists to find sponsors or ‘patrons’ for their works, was hacked. About 15 gigabytes of stolen data, including donation history, registered names, source code and other account details, was leaked online.
Artists’ private messages were also made public, but the good news is that passwords, social security numbers and credit card details are safe, although they were also breached.
In a recent blog post, Patreon explained that these data were safe because they were encrypted with a 2048-bit RSA key, a very strong form of encryption.
The site’s chief executive and co-founder Jack Conte said that he learned about the breach on Sept. 30. He described the hack as an “unauthorized access” to the website’s database, but added that cyber security experts blocked that access and put in place other precautionary measures to prevent additional hacks.
“I am so sorry to our creators and their patrons for this breach of trust,” Conte also wrote in the blog post.
In the breach, registered names, some shipping addresses, e-mails, and billing addresses were leaked. Only data posted until last year were compromised. Conte said that users do not need to take ‘specific action’, but it is highly advisable for them to change their passwords.
The site also cautioned that users should be extra careful about which e-mails they open, since their e-mail addresses were also compromised. Some hackers may send phony e-mails that link to malware or request personal information from users.
But the leaked data has already spread like wildfire on the Internet. Several copies of the hacked database appeared online, and cyber security technicians had a hard time determining which database was genuine. The breach is very similar to the Ashley Madison hack, but experts do not yet know who the hackers are.
Security experts who work on the issue believe that the source code does exist and that the hack was more than a common ‘SQL injection attack.’ There must have been a larger flaw in the database that allowed the hack to occur.
Conte recently explained that hackers used a debug version of the database that had earlier been made public. In the process, the website also revealed a snapshot of the site’s production database. Although the attackers couldn’t get into production servers, they did obtain access to older user data.
The site reported that 2.3 million e-mail addresses were leaked, including the founders’.