Another company has been hacked, but this time it’s one that’s working to help creative people support their work and keep the lights on as they do so: Patreon. The company facilitates ongoing, recurring payments to creative people or projects as a way of showing support for what they do.
Jack Conte, CEO of Patreon posted on the company’s blog Wednesday night:
Yesterday I learned that there was unauthorized access to a Patreon database containing user information. Our engineering team has since blocked this access and taken immediate measures to prevent future breaches. I am so sorry to our creators and their patrons for this breach of trust. The Patreon team and I are working especially hard right now to ensure the safety of the community.
There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed.
Credit cards were not compromised because the company doesn’t hold those numbers in its database and, Mr. Conte continues, and, though hackers attempted to get to passwords, they were encrypted. The CEO advises users that that they do not need to take any action, but that updating passwords wouldn’t hurt.
The post explains that the hack occurred on September 28th and the attack surface it took advantage of was a development version of their website visible to the public.
The post when up at a bit before 11:30 pm, judging by this tweet from the company:
Patreon was not immediately available for comment on who might have been behind the attack or whether or not law enforcement has been involved.