Patreon Security Breach

As some of have probably already heard, there was a recent security breach on the Patreon website. Apparently a mirror of the site that was intended for testing and development purposes was left exposed on the Internet at large and hacked. Data dumps of the whole thing are already out there on the usual torrent sites. Patreon claims — and I have no reason to doubt them — that no credit-card numbers or other financial information was exposed. Password hashes were stolen, but were encoded in such a way that it would take a staggering amount of computing power to crack any of them. Your email address and possibly your home address, if you provided it to the site, were stored in the clear as I understand it, and thus likely have been compromised.

I’m very, very sorry about this, as I’m sure is Patreon as well. They’re doing a great service that’s made a big difference for my life and for this blog, but they’ve been growing fast and obviously some things just got away from them. As for the people who do this sort of thing… I just don’t get it. Why not create something instead of tearing things down all the time?

At this point the cat is out of the bag, so to speak, so there’s not much to be done other than to change your password on Patreon, as well as anywhere else you might have been using the same password. If the damage is limited largely to lists of names and email addresses, it’s not so bad as these things go I suppose. If I hear more, and certainly if I have any reason to suspect it’s worse than that, I’ll let you know.