Online-funding platform Patreon has been hacked, and to make matters worse, its entire database has been published online. The leaked 15 GB mass of data includes user account information, source code and both payment and private message histories.
Security researcher Troy Hunt has examined the leaked files and tweeted that they appear to contain the entirety of the site’s databases. In response to the hack, Patreon has assured users that it does not store credit card information, and that it hashes passwords with the strong bcrypt algorithm.
Although Patreon’s CEO and co-founder Jack Conte told users in a letter that “Bcrypt is non-reversible, so passwords cannot be ‘decrypted,’” that data isn’t completely safe from prying eyes. Passwords stored on the recently hacked Ashley Madison website were also hashed using bcrypt, and its weaker passwords were eventually cracked.
Hunt maintains the site haveibeenpwned, which tells users which of the services they hold accounts with have suffered database breaches. For Patreon, it lists the compromised data as “Email addresses, Payment histories, Private messages [and] Website activity.”
According to Hunt, 2.3 million email addresses were found in the database, including his own. If you're a Patreon user, it would be wise to visit the settings page in your account and set a new, complex password in case your current one is cracked.