Just a day ago Patreon admitted it had been breached and some personal data had been stolen from the service — now much of it has leaked online.
On October 1, alleged database dumps, internal configuration files and the site’s source code appeared on file download sites. Since then, security researchers have verified the authenticity of the data.
Troy Hunt, the creator of Have I Been Pwned, said on Twitter that it appears an entire copy of the database for the site was downloaded from the test server and released as part of this leak.
The data contains private messages, full campaign details, supporter information and more. Patreon claimed that passwords are securely encrypted, but as we saw with the Ashley Madison hack, that may not be unbreakable with access to the site’s source code.
The <3 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
The leak also contained private keys and passwords used by the company to authenticate with external services like Slack, New Relic and more.
In a blog post Patreon says that it has engaged a third-party security firm to do an audit, but it’s too late for any previous users of the service who have had details stolen.
You can check if your data was found in the leak using Have I Been Pwned.
➤ Gigabytes of user data from hack of Patreon donations site dumped online [Ars Technica]
Image credit: Shutterstock
Get the TNW newsletter
Get the most important tech news in your inbox each week.