Following yesterday’s news about crowdfunding platform Patreon getting hacked, with user details including names and addresses being among what was stolen, now comes the sad discovery that the data — nearly 15GB worth — has been leaked online. Security researcher Troy Hunt told Ars Technica that he found the data dump on file-sharing sites, and it included Patreon’s user database and the site’s source code.
Hunt said that the user data included 2.3 million email addresses, private messages, passwords, and donation records. In Patreon’s disclosure of the security breach, the site mentioned that no credit card numbers were stolen, and password data was encrypted. However, it seems that with access to the source code, the hackers were able to decrypt the passwords, much like what happened with the recent Ashley Madison incident.
As Patreon suggested, users are highly encouraged to change their passwords, and with that info being decrypted, the password also needs to be changed on any other websites where it was reused.
The security breach was said to have occurred on September 28th, with hackers gaining access to a debug server that contained a copy of the site’s user database. The leaked data contains information generated up to September 24th.
Patreon also said they would be conducting an investigation of their security systems, as well as hiring a third-party security firm to conduct an internal audit. Unfortunately, that will do little to help the users whose information is already online.