Back in late September Patreon had a security breach – without going in to too much detail, hackers gained access to a “test” version of the site they had made publicly available over the internet, the content used on this test site was a dump from their production site – definitely an oversight on their part, and one I’m sure they wont be repeating!
I have a Patreon account for my music (that I have not really used TBH, someday I hope to put some effort back in to it…) so my data was included in the leaked information, as side effect I received the below email this morning:
What did I do? I put it straight in the trash.
If you receive a similar email, do not respond/send any money/panic the only information gathered from the hack were some names, postal addresses and content posts – nothing a hacker could use against you, below is a quote from Patreon on the leaked information:
There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed. We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key. No specific action is required of our users, but as a precaution I recommend that all users update their passwords on Patreon.
So in a nutshell, don’t panic if you receive a similar email, this is just mind games from people that have gained access to the leaked information (easily available with a quick Google search…)