{"id":140678,"date":"2015-10-02T09:12:18","date_gmt":"2015-10-02T07:12:18","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=140678"},"modified":"2015-10-02T12:42:32","modified_gmt":"2015-10-02T10:42:32","slug":"patreon-hack-exposes-private-user-data","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/140678-patreon-hack-exposes-private-user-data.html","title":{"rendered":"Patreon hack exposes private user data"},"content":{"rendered":"<p>Almost 15GB of data from Patreon\u2019s servers has been posted online after a recent hack on the service, <strong><a href=\"http:\/\/arstechnica.com\/security\/2015\/10\/gigabytes-of-user-data-from-hack-of-patreon-donations-site-dumped-online\/\">Ars Technica reported<\/a><\/strong>.<\/p>\n<p>Patreon is a crowdfunding platform that lets people support artists by becoming their patrons, donating either a fixed amount or becoming a monthly subscriber for rewards.<\/p>\n<p>The Patreon data archive contains password data, donation records, and source code. Passwords were secured using the bcrypt cryptographic hash function.<\/p>\n<p>Security researcher Troy Hunt told Ars Technica the fact that the hackers got their hands on source code suggests that the compromise is more than an SQL injection attack.<\/p>\n<p><strong><a href=\"https:\/\/twitter.com\/troyhunt\/\" target=\"_blank\">Hunt<\/a><\/strong> provided the following details of the breach:<\/p>\n<ul>\n<li>Patreon has a table called \u201cdmca_takedowns\u201d.<\/li>\n<li>There are 2.3M unique emails in the Patreon dump, including Hunt\u2019s.<\/li>\n<li>Patreon dump includes messages, some with personal info.<\/li>\n<li>All the campaigns, supporters, and pledges are there.<\/li>\n<\/ul>\n<p>\u201cThe dollar figure for the Patreon campaigns isn\u2019t the issue, it\u2019s supporters identities, messages, etc. Everything private [is] now public,\u201d he said.<\/p>\n<p>Hunt said\u00a0he thinks hackers got their hands on Patreon\u2019s user data through a\u00a0developer getting a copy of the production database &#8220;just for testing&#8221;.<\/p>\n<h3 id=\"related\">More security news<\/h3>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/140654-new-android-stagefright-vulnerability-uncovered.html\"><strong>New Android Stagefright vulnerability uncovered<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/140512-critical-vulnerability-in-winrar-exposed.html\"><strong>Critical vulnerability in WinRAR exposed<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/140200-akamai-xor-ddos-warning.html\"><strong>Akamai XOR DDoS warning<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/139184-apple-app-store-suffers-first-major-attack.html\"><strong>Apple App Store suffers first major attack<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/139156-anc-linked-businessmen-bought-super-cellphone-spying-device.html\"><strong>ANC-linked businessmen bought super cellphone spying device<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Content and artist crowdfunding platform Patreon is the latest victim of a significant security breach.<\/p>\n","protected":false},"author":23,"featured_media":140680,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[36,33190,33192,33188,33194,33196],"class_list":["post-140678","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-active","tag-hank-green","tag-john-green","tag-patreon","tag-subbable","tag-troy-hunt"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/140678"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=140678"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/140678\/revisions"}],"predecessor-version":[{"id":140700,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/140678\/revisions\/140700"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/140680"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=140678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=140678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=140678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}