Crowdfunding platform gets hacked, no credit card data lost

Oct 1, 2015 23:30 GMT

Patreon, the crowdfunding site that helps artists find patrons to fund their projects, has acknowledged a data breach during which some customer information was lost.

The news first appeared on Twitter as a rumor, and was confirmed today by Patreon's CEO and Co-founder Jack Conte.

In a technical write-up posted on the company's blog, Mr. Conte admitted to the incident, saying that the hacker managed to gain access to registered names, email addresses, posts, and some shipping addresses.

Some billing address information that was added before 2014 was also accessed during the incident.

The good news is that Patreon does not store any kind of credit card information, so the hacker was not able to get their hands on such data.

Patreon's CEO also claims that his company uses a 2048-bit RSA key to encrypt information about social security numbers, tax form information, and user passwords.

As a precaution, the company sent out email notifications to all users, urging them to change their passwords, just in case.

The incident appears to have been caused by a debug version of the Patreon website that was left accessible via the Internet.

Mr. Conte claims that no unauthorized access to any of the company's production servers was ever recorded, and that no private keys for other server and development resources were lost. Nevertheless, private keys and API keys have been changed as a precaution.

UPDATE: There are multiple reports that the Patreon user database is now available on Mega, Kim Dotcom's Megaupload clone.