In the wee hours of the morning scammers took to the Internet to demand payment in the form of Bitcoin in exchange for keeping your private Patreon data — including tax ID, tax forms, SSN, DOB, and credit card details — off the Web.
Cartoonist Steve Streza was one of many who received the email that appears to be targeted at anyone whose data was compromised during the recent Patreon hack.
— Steve Streza 🌹 (@SteveStreza) November 21, 2015
A Patreon representative told Tech Crunch that this is a “scam email” and that authorities had been notified.
What’s unclear is just how much data was compromised in the recent hack and how vulnerable those that got extortion emails really are.
What we know so far is comes from Patreon itself in a blog post that reveals: “no personal information from users was taken, but a lot of code and sensitive material on Patreon’s end was lost.”
Patreon founder Jack Conte had this to say:
There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed. We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key. No specific action is required of our users, but as a precaution I recommend that all users update their passwords on Patreon.
I was able to track down the actual 4GB data dump of Patreon user information and it didn’t appear to contain anything sensitive. That said, I have no way to verify this was the actual hacked data and not a redacted version that was released online.
If you believe the company, which is usually a bad idea, then you’re probably safe.
➤ Extortionists Are Threatening to Release Patreon User Data [TechCrunch]