Content creation is not cheap, especially when you start doing it on a larger scale. And advertising on your website, podcast, or YouTube doesn’t always pay the bills. That’s where Patreon comes in. It’s a way for users to pay their favorite content creators based on what they think the content is worth. We are a part of the Patreon community ourselves and are preparing to launch a new campaign to share with all of our readers. So I was surprised to see an email this morning letting me know that Patreon was hacked and I should change my password.
Yesterday I learned that there was unauthorized access to a Patreon database containing user information. Our engineering team has since blocked this access and taken immediate measures to prevent future breaches. I am so sorry to our creators and their patrons for this breach of trust. The Patreon team and I are working especially hard right now to ensure the safety of the community.
There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed. We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key. No specific action is required of our users, but as a precaution I recommend that all users update their passwords on Patreon. ~Jack Conte, CEO/Co-founder, Patreon
The hacker got in through a debug version of the site which was publicly visible but it seems Patreon was at least prepared by not storing any private keys or ways to get into other servers. Passwords were also encrypted but it’s still recommended you change them as soon as possible. Patreon has also rotated their private keys and API’s as a precaution in case their security measures weren’t effective. So if you’re a Patreon account holder you should change your password.Source: Patreon