Eric here, official Computer Scientist (that’s what the degree says at least).
I wanted to bring up just a few things to all you amazing supporters of artists out there who ever had Patreon accounts prior to the malicious remote code execution (Hack) that resulted in the publication of your account data. The passwords are encrypted, meaning you have between 0 days and six months before your passwords become part of every script kiddies attack dictionary, which means you need to IMMEDIATELY:
* Change your password on Patreon
* Never use any password you have EVER used on Patreon EVER AGAIN on any account (the data that was stolen dates back to at least 2012, so if you’ve ever had a password on the Patreon site, that password gave it’s life in the line of service and should never be used again).
*If you are using that password elsewhere, change those to something else. ASAP.
Additionally, you should check in every so often at security researcher Troy Hunt website “Have I Beem pwned?” to see if your data is now easily accessible link: haveibeenpwned.com/
Patreon CEO Jack Conte stated that full credit card information for supporters isn’t stored on their servers. This means it’s unlikely that you’ll see weird charges or outright credit card theft, but keep an eye out for it anyway.
Their servers did contain social security numbers and tax form information…. So if you’re someone who receives money though Patreon , keep an eye out for signs of identity theft.
If you’re interested in reading more about this, I’d recommend the technology news site Ars Technica, who has been reporting on it here: