The Patreon Hack: 14 Gigabytes of Trolling

And Patreon wasn't even really the target

Company logo (Image: Patreon)

Company logo (Image: Patreon)

The Patreon hack appears to have been done by a troll looking to stir up GamerGate, but whoever was behind it has secured real data. The Observer previously reported that the hack may have been GamerGate related, because the hacker in question tweeted that he or she had done it for the online, decentralized movement about video game journalism.

The hacker who claimed responsibility previously tore down one of GamerGate’s main websites, GamerGate.me, one of the community’s wikis. That URL now redirects to the Wikipedia page for the “GamerGate Controversy.” Various sources have told the Observer that the hacker, known online as “Vince,” has been targeting GamerGate for months. More broadly, the incident and the response illustrates what’s so complicated about decentralized groups, particularly ones with a message.

The Observer first encountered the group in a direct conversation last year. That post includes a version of their origin story, but pinning down their precise agenda from there is harder.

One user of the main subreddits for GamerGate wrote the following of the hacker:

Anyone can call themselves a member of GamerGate… This particular person you’re mentioning has been openly antagonistic toward us and took down on of our major information centers, though, so it’s a stretch to call him a GamerGater even if he declares it. The most likely reason he called himself a member of GamerGate is so that your article would appear and he could laugh at us, honestly.

It’s always tempting to describe any group as monolithic. As narrative oriented humans, we want to be able to say that “GamerGate” believes X just as we want to be able to say Democrats believe Y, but groups don’t work that way. Prior to becoming a tech journalist, I worked as a community organizer, spending roughly as many years on behalf of low income people as I did on behalf of the environment. What I learned in that time was that, when organizing people for change, the difficult battles aren’t with your enemies, but with the people on your side.

The hardest part of changing the world is harmonizing allies.

Identifying “what GamerGate thinks” about any particular topic is especially hard, since the group exists for the most part in largely anonymous online spaces. Unlike many social change phenomena that have come before, GamerGate has no leaders, spokespeople or structure.

There doesn’t even seem to be a single online forum that everyone agrees on, though Reddit’s r/KotakuInAction has appeared to dominate during this conversation.

What happened?

On Wednesday night, Patreon posted that a copy of its database had been hacked. The blog post from CEO Jack Conte describes the attack surface as a test site, with a copy of user data. No sensitive information, the company said, was compromised.

The hack occurred on September 28. Patreon confirmed the hack on the evening of September 30. Patreon has not replied to multiple request by the Observer for comment.

Prior to the Patreon announcement, on September 28th, a Twitter user named @Tulpamania (account now suspended) admitted responsibility for hacking Patreon. The hacker claimed to have done it “in the name of #GamerGate? :^)” as the Observer previously reported.  

Response from GamerGate was swift and voluminous, roundly distancing itself from the actions of Vince throughout Thursday morning, both on Twitter and on Reddit.

Since the hacker’s original account got suspended, Vince appears to be using another account:

Vince has declined repeated requests on Twitter to elaborate on his reasons for the hack.

What did the hackers get?

When Ashley Madison got hacked, the hackers waited quite a while to post the data. Not so with this hack. A data dump was posted the morning after Patreon announced the breach, purporting to be the stolen Patreon data. Inside that data dump is a ReadMe.txt file that reads:

#SuperExtremeShitpostingTeam, bringing to you the latest in lulz!
Patreon left their backdoor open, so we rammed into it with full force.
Included is a txt of interesting data, their sql database, and a backup of their python port!

Is it real? A software analyst who looked at the data for the Observer said the more than 14 GB of SQL data there “definitely passed the smell test.” The most sensitive data found appeared to put the company more at risk than its users, however.

Jack Conte, musician and founder of Patreon, at the Black Cat in Washington. (Photo: Joe Loong, Creative Commons)

Jack Conte, musician and founder of Patreon, at the Black Cat in Washington. (Photo: Joe Loong, Creative Commons)

Another security expert we spoke to predicted a bust on the hacker in short order, based on the dump. More on this to come. 

The Observer is declining to post a link to the data.

What’s GamerGate’s take on Patreon?

I posted a series of questions to the community this morning about the hack.  

Most of the responses I got to that question this morning on Reddit suggested the members of that forum are fine with Patreon’s service these days.

This reply from @hansschmittfree seemed to capture the widely held sentiment about the site today:

Some active GamerGate supporters use Patreon too, it’s not an inherently bad service. Video game journalists and certain game devs have used it repeatedly to support each other though, even though these journalists wrote about those devs without disclosing these connections. This is a conflict of interest in the eyes of many GamerGate supporters and certain members of SPJ [Edit: Society for Professional Journalists].

Various supporters of the cause have pointed to allies that use Patreon, such as Sargon, VeeMonro, MundaneMatt and Thunderf00t.

That said, it hasn’t always been quite so positive. Anywhere from a year to three months ago, it’s possible to find posts on /r/KotakuInAction that refer to Patreon as “hipster welfare.” See more about the origin of the term on Know Your Meme.      

What happens when you post about GamerGate?

The Observer’s Innovation editor “met” with GamerGate last year, in the form of an AMA on the subreddit. 

Even writing that the hack “may have been related to GamerGate” resulted in a barrage of hostile tweets far and away beyond the sort of response I get to stories on topics with much more impact on people’s lives. I had a long phone call today with a longtime organizer in the community. He explained that GamerGate frequently gets frustrated because it is characterized as a hostile group, despite the fact that many of the acts that are attributed to it are committed by third parties trolling the community.

8chan temporarily kicked out of Google search results.

Yet it’s not hard to understand why journalists are willing to believe that some portion of GamerGate might be willing to commit serious hacks or dangerous pranks, when so many members of the community are ready to pile on with hostile messages whenever GamerGate is criticized. The sheer volume of the anger the community is willing to express is itself a form of harassment.

For context, my Twitter feed generates about 3,000 impressions on a normal day (as in, each time Twitter prints one on a screen somewhere). Today, I’ve broken 35,000 impressions, and it’s not people who came to wish me a belated happy birthday.

My one post on reddit has generated 218 comments, as of this writing, ranging from helpful to hostile. Meanwhile, a whole other thread brewed on its own.

My interlocutor told me GamerGate was motivating because space for unmediated commenting on websites is vanishing. It’s not hard to understand why websites would be reluctant to keep conversations completely open in light of semi-organized mobs like GamerGate. GamerGate comments in such a mass that even if all any of its members said was “have a nice day,” it would feel threatening to some writers and alienating to other readers who want to participate with other perspectives.

I received a few tweets today that had nothing to do with GamerGate, but I’d be hard pressed to find them again in the morass of my notifications feed. If that’s what forums have become, then they might as well be shut down.

Was Vince a GamerGater?

The hardest part of changing the world is harmonizing allies.

He was probably just a troll who knows how to hack, but GamerGate needs to take some responsibility for trolls in its orbit. Vilifying, reporting and even doxxing trolls will never end GamerGate-related trolling, because GamerGate gives the trolls their food. Trolls feed on reaction, and GamerGate’s main tactic is advocacy-by-mob.

So whether or not the trolls are truly a part of the GamerGate community, its behavior feeds trolls.

Was the GamerGate hack approved of by the average supporter? No, at least not the ones on Reddit. But, was the hack GamerGate-related? In my view, yes, it was.