Cyber Incident Victim: Patreon
Date: Sep 2015
Location: United States of America
Summary
A cyberattack compromised the Patreon donations platform, resulting in the unauthorized release of nearly 15 gigabytes of data including password records, donation information, private messages, campaign details, and source code. Security analysis confirmed the authenticity of the breach, with evidence suggesting a significant system compromise beyond basic SQL injection due to the inclusion of internal source code. While user passwords were protected via bcrypt hashing, the exposure of source code raised concerns about potential decryption risks for other sensitive data. The leak contained over 2.3 million unique email addresses and permanently exposed supporter identities and financial contribution records across campaigns.
Description
In October 2015, hackers compromised the Patreon donations platform and subsequently released nearly 15 gigabytes of stolen data publicly. The dumped information included password data, donation records, private messages between users, campaign details, and the identities of supporters. Security researcher Troy Hunt analyzed the leaked data and confirmed its likely authenticity, noting that it originated from Patreon’s servers. Hunt highlighted the presence of internal source code within the breach as evidence of a significant compromise, suggesting attackers achieved deeper access than a typical SQL injection attack would allow. Patreon officials acknowledged the breach and stated user passwords were protected with bcrypt hashing, a robust method designed to resist password-cracking attempts. However, Hunt identified 2.3 million unique email addresses within the dataset, including his own, confirming the broad scope of impacted accounts.

The exposure of source code raised concerns about potential secondary risks, as access to this material could enable attackers to uncover encryption keys protecting highly sensitive information such as Social Security numbers. The leaked donation records and private messages revealed granular details about user activity, including mappings between supporters and the specific campaigns they funded. Patreon did not disclose how or when the breach was initially detected, nor did they outline specific containment measures beyond the password security assurances. The data became permanently accessible online after being widely circulated and reposted across multiple platforms. Users were advised to change their Patreon passwords and update credentials on any other services where they had reused the same passwords, reflecting the enduring risk of credential-stuffing attacks leveraging the exposed email addresses. The breach cemented personal and financial details of millions of users into the public record indefinitely.
