Patreon hack sees 13.7GB of personal user data dumped online

The artists crowdfunding website, Patreon is in a deep security crisis as it suffered a major breach which saw 13.7GB of personal data including passwords and donation records being stolen by hackers and dumped online.

Patreon based in San Francisco, is a crowdfunding platform created by musician Jack Conte and developer Sam Yam. It allows artists to obtain funding from patrons on a recurring basis or per artwork. It is very popular with YouTube content creators, musicians, and webcomic artists.  According to Patreon, unknown hackers breached its servers on 28th September and stole user information.

As of now no hacker or hacking group has claimed responsibility for the Patreon hack, the website, which has grown to be the lifeblood for many emerging online talent and businesses, is now determining how best to deal with the news that it has suffered such a monumental breach.

Patreon which issued a statement about the hacking incident said that it took place on 28 September and allowed the hackers access to registered names, email addresses, posts, and some shipping addresses.

Patreon’s saving grace, the company said, is that the most sensitive data, including social security numbers and tax information, were stored behind a 2048-bit RSA encryption key.

“We protect our users’ passwords with a hashing scheme called ‘bcrypt’ and randomly salt each individual password,” Conte said. “Bcrypt is non-reversible, so passwords cannot be ‘decrypted’. We do not store plain-text passwords anywhere.”