Info From Patreon Hack Posted Online

Patreon LogoIt initially looked like last week’s news of Patreon being hacked was just another run-of-the-mill story about a cybersecurity breach. But it turns out there may be more to it.

Ars Technica is reporting that the information acquired by hackers has been posted online in the form of a “data dump.” The information was analyzed by a security researcher, who concluded that it appears to be authentic data from Patreon’s servers. The researcher was eventually able to restore a database from the hacked files and search it, where he found his own e-mail address, as well as the e-mail addresses of other Patreon users.

Account passwords that were extracted during the hack were protected using an encryption scheme called bcrypt. This is good news, as bcrypt requires a lot of computational power to crack. However, hackers were able to acquire some additional source code during the attack. They may be able to use that code to more easily defeat the bcrypt encryption. That’s what happened during the recent high-profile Ashley Madison hack.

Patreon hasn’t released an updated statement to its original security notice. It’s still highly recommended that users reset their passwords, as well as passwords to other accounts that might’ve used the same password.

One thought on “Info From Patreon Hack Posted Online

  1. An email I sent to Patreon:
    Ever since Patreon was hacked and my account info has been released out into the world I’ve been getting calls from people saying they are from Microsoft telling me my name, address, IP address and other personal info, to turn on my Microsoft computer and they will help me get rid of a virus. They usually hangup when I ask them for a call back number. Please notify your subscribers of this social engineering attempt. Also delete all my info off you system and also delete my account.

Comments are closed.