Patreon, an online crowdfunding website, advises its subscribers to change their passwords following a data breech they experienced last Monday.
Based on a report by Herald Recorder, valuable information about its subscribers were stolen and posted online by still unidentified hackers. The report says that about 15 GB of data consisted of "sensitive information, source code, password data & donation records" were stolen in breech.
Troy Hunt, a security researcher, confirmed that the data going around the Internet is indeed from the Patreon's server. Hunt pointed out that the hackers spent considerable effort in accessing the information that he discovered, based on the archive files that he was able to download and analyze, and that it showed more than 2.3 million email addresses including his own.
The incident happened on Sept. 28, according to a statement released by Patreon CEO Jack Conte last Thursday.
In his statement, Conte said that the thieves were able to access their database and get their users' information records, which included user names and emails, posts, some shipping addresses as well as billing addresses registered before 2014. He also said that no credit card information were stolen in the breech and "all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key."
Since the incident, the Patreon engineering team has blocked access to the said server and immediately made a move to secure the database to avoid other untoward occurrences. Conte also gave assurance that they are doing their best to make sure that their users are safe, adding that their users change their passwords as an added protection.
Patreon's statement also indicates that they use bcrypt to safeguard user passwords. This feature prevents encrypted passwords to be accessed.
Patreon's case joins the list of other hacking incidents that happened this month. Earlier, about 15 million customers of T-Mobile were affected by a breech done to credit bureau Experian, while 4.6 million users were affected in the Scottrade hacking incident last Friday.
