Just a day ago Patreon admitted it had been breached and some personal data had been stolen from the service — now much of it has leaked online.
On October 1, alleged database dumps, internal configuration files and the site’s source code appeared on file download sites. Since then, security researchers have verified the authenticity of the data.
The data contains private messages, full campaign details, supporter information and more. Patreon claimed that passwords are securely encrypted, but as we saw with the Ashley Madison hack, that may not be unbreakable with access to the site’s source code.
The leak also contained private keys and passwords used by the company to authenticate with external services like Slack, New Relic and more.
In a blog post Patreon says that it has engaged a third-party security firm to do an audit, but it’s too late for any previous users of the service who have had details stolen.
You can check if your data was found in the leak using Have I Been Pwned.
Image credit: Shutterstock