More than 2.3 million user email addresses from the crowdfunding portal Patreon have found their way onto the Web after the site was hacked earlier this week. Security expert Troy Hunt has told Motherboard that the data dump is “definitely legit” and will have Patreon users checking their inboxes nervously over the weeks ahead.
If you’re registered on the Patreon site, the best course of action for now is to change your password, as Patreon’s CEO Jack Conte recommends. If you use the same password on other sites and accounts — though you really shouldn’t — then make sure these are changed too. While the hack has exposed usernames, passwords, and postal addresses, no credit card information is stored on Patreon’s servers.
Expert analysis of the data dump suggests the hackers have got away with more than the usual payload: It looks like some of the site’s source code and users’ private messages have been exposed too. Members of the Patreon community should assume that everything they’ve done on the site is now public and available to anyone who wants to download it.
“It is our team’s mission to help creators get paid for the immeasurable value they provide to all of us, and earning your trust to provide that service in a safe and secure way is Patreon’s highest priority,” writes Conte in Patreon’s official response. “Again, I sincerely apologize for this breach, and the team and I are making every effort to prevent something like this from happening in the future.”
You don’t have to scroll too far back in the Digital Trends news archives to find details of a recent server hack: Data breaches such as this one are becoming more common, and it’s up to the services themselves to put adequate security measures in place. All end users can do is make sure they choose a strong, unique password for each of their apps and sites, treat emails asking for login details with suspicion, and keep a close eye on the activity happening in all of their accounts.