
Patreon: Some user names, e-mail and mailing addresses stolen
At least passwords were encrypted with 2048-bit RSA, hashed via bcrypt, and salted.
by Cyrus Farivar – Oct 1, 2015 3:30pm EDT
Patreon, the website that allows people to maintain regular donations to a website, an artist, or a project, announced late Wednesday that it had sustained a security breach.
The site said some registered names, e-mail addresses, and mailing addresses were accessed after someone managed to access a “debug version of our website” that at the time was accessible to the public.
Jack Conte, the co-founder and CEO, wrote in a statement:
We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key.
Conte specified that user passwords are hashed with bcrypt and salted as well, but he encouraged patrons to change their password anyway as a precaution.