Criminals put database of cracked crowdfunding site Patreon online
Criminals have put what appears to be the entire database of the crowdfunding site Patreon, which was hacked this week. The 14GB file contains, among other things, 2.3 million email addresses and personal messages from users.
On Wednesday, Patreon said that criminals had gained access to the database through a debug version of the site that was not behind a firewall. The perpetrators have now put the data they have stolen online in various places on the internet. Patreon is a crowdfunding site that allows users to donate money to people working in the creative sector, such as musicians and YouTube creators.
according to Security researcher Troy Hunt contains the nearly 14GB file of 2.3 million unique email addresses, personal messages, and details about campaigns and donations, revealing, among other things, who supports which artist and how much the latter receives. Passwords were hashed via Bcrypt, Hunt tells Ars Technica, so there’s little chance that they’ve been cracked, although there is a possibility that malicious parties could speed up decryption if they find design flaws in the stolen code.
One of the individuals who accesses the file through his site, but is not involved in the hack himself, claims that private ssl keys can also be found in the Patreon database.