It ’s been a bad day for on-line security . Patreon , a crowdfunding website design to let fan ante up creative person , has just had 15 GB of its user ’s data — and the site ’s root code — dumped online .
The 13.7 - gigabyte datum trash dump appeared on the cyberspace today , and according toArs Technicaand security department research worker Troy Hunt ( ofhaveibeenpwnedfame ) , it ’s legit . The database control information and personal identity about artists and donors , private substance between drug user , and seed computer code for the situation itself — alongside email address and word , which can always be used to compromise accounts on other websites , if users used the same credentials across land site ( which they almost always do ) .
Found 2.3 M unqiue email in the Patreon dump … including mine .
— Troy Hunt ( @troyhunt)October 2 , 2015
Patreon says that the good news is no acknowledgment card information was taken . In apost acknowledging the drudge yesterday , the fellowship enjoin :
We do not stash away full credit lineup numbers on our servers and no credit card numbers were compromised . Although accessed , all watchword , societal security system numbers and tax physical body information remain safely encrypted with a 2048 - fleck RSA key .
Even though the word were cipher , they ’re far from resistant : although creature - storm the information would take prison term , it ’s possible that programming misunderstanding will be revealed in the leaked germ computer code , enabling hack to crock up the passwords much faster . As Ars point out , that ’s precisely what happened with the Ashley Madison hack .
So , for Patreon users , it ’s likely an fantabulous time to go change your passwords , not just on the website itself , but anywhere on the ‘ internet you expend the same username / password combo . ( Yes , I know you do it . ) For the rest of us , it ’s another uncheerful monitor that even the nicest , non - adultering web site can — and d0 — get hacked .
[ Ars Technica , Patreon ]
HackersHackingSecurityTechnology
Daily Newsletter
Get the good tech , scientific discipline , and acculturation news in your inbox daily .
newsworthiness from the futurity , birth to your present tense .
You May Also Like
