Crowdfunding site Patreon yesterday announced that a hacker had gained unauthorised access to its user database, as well as email addresses, posts, registered names, and some billing and shipping addresses.
In a post on the site, Patreon CEO Jack Conte stressed that his users’ credit card details, passwords and other sensitive information remained secure.
We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key.
Nevertheless, the announcement also advised users to change their passwords on Patreon “as a precaution.”
According to Motherboard, Patreon uses the same password hashing system used by Ashley Madison, the dating site for married people looking to have affairs that recently suffered its own high-profile hack. Despite the hashing system, up to 11 million passwords were decrypted after hacked user data was leaked on the web.
Patreon was created by musician Jack Conte and developer Sam Yam in 2013 as a means for fans to support creators with crowdfunded monthly payments. Creators set up personal pages on Patreon, where users can pledge a given sum of money to them on a monthly basis, or every time they create a particular piece of work.
Brady Dale, a tech reporter for the New York Observer, has attributed the hack to GamerGate, a movement for ethics in journalism and cultural liberty that has been unfairly maligned across much of the media. In his report, Dale highlights the tweets of Twitter user Tulpamania, also known as “Vince,” who claimed responsibility for the hack “in the name of #GamerGate.”
However, further examination of Vince’s Twitter feed reveals that he is affiliated with the “AyyTeam,” a group known for trolling and occasionally launching cyberattacks on both GamerGate supporters and opponents. (Update: associates of Vince claim he is in fact part of the “#superextremeshitpostingteam.” An anonymous 8chan poster claiming to be a member of the same group has also posted what he claims is a link to the hacked Patreon data.) The Tulpamania account has been suspended by Twitter, but archives of previous tweets show the account’s operator claiming responsibility for the recent hack of GamerGate.me, a website that was established and run by supporters of the movement. GamerGate.me contained information on the movement’s charity activities, a Wiki page, and occasional articles from supporters.
Vince retweeted a post mocking the fact that “GamerGate is being blamed for [the] Patreon hack” when it was “actually Vince.”
This is not the first time that journalists have been fooled into blaming GamerGate for a crime. Last month, local news station WSB-TV was forced into a high-profile retraction after they were led to believe that Virginia gunman Vester Flanagan, who in August murdered two of his former colleagues before taking his own life, was a GamerGate supporter.
Dale appears to have realised that “Vince” may be trolling him, and has reached out to KotakuInAction, the GamerGate community on Reddit, for more information. “I really am not trying to attack the community,” wrote Dale. “Whether ‘Vince’ is with GamerGate or not, this is GamerGate related if the hacker did it to stir this group up. So, I want to follow up and clarify.”
Follow Allum Bokhari @LibertarianBlue on Twitter.