AaronMk

Patreon Hack

Recommended Posts

http://arstechnica.com/security/2015/10/gigabytes-of-user-data-from-hack-of-patreon-donations-site-dumped-online/

http://observer.com/2015/10/the-patreon-hack-14-gigabytes-of-trolling/

http://arstechnica.com/security/2015/10/patreon-was-warned-of-serious-website-flaw-5-days-before-it-was-hacked/

 

tl;dr - A reported SJW was looking for dirt or to stir up new drama in the GamerGate world by attacking GamerGate sites and then moved on to try and crack open Patreon to access information on major GamerGate personalities to use as dirt probably.

What the means for everyone else: several million names, passwords, addresses, and private conversations are now public knowledge. If you're using Patreon then you may have been compromised. However: passwords aren't compromised yet. The site uses the same encryption method as Ashley Madison which was hacked not long ago. However: like Ashley Madison the method Patreon uses too can be broken since the source code of the site has been compromised as well, meaning that individuals can reverse-engineer the site to decrypt passwords in a more timely fashion that it would be to do it 'proper' (or spending more time that it would be worth for them).

Still, provided the passwords aren't accessed tax info, home addresses, and emails and conversations are open meaning it's not easier to mess with someone. This hack affects personalities from YouTube to art, and if anyone streams they could be put at a higher risk of swatting once people know their home address.

 

I came across this when surfing /mlp/. They were already sifting through to inspect the breadth and degree of the hack and compiling a at-risk list. But the original thread died so I don't have the list. But besides that some were happy that porn artists now got smashed open because they don't like the idea of paid porn. So if you don't do porn and kept shit censored until someone pays you over Patreon then you shouldn't need to worry about /mlp/.

Share this post


Link to post
Share on other sites

Does it make me a bad person, that to this day, i don't know what GamerGate is?

No.  It might mean you have your priorities straight in the real world with what's important and what isn't. 

  • Like 1

Share this post


Link to post
Share on other sites

Does it make me a bad person, that to this day, i don't know what GamerGate is?

No one knows what it even is anymore.

 

It's just another way of saying Tumblr vs 4chan now.

Share this post


Link to post
Share on other sites

Does it make me a bad person, that to this day, i don't know what GamerGate is?

I once tried to figure it out. I wasn't able to do that. It's strange, and somehow related to many bad things on the internet.

I guess every user of patreon got a mail about this security breach, no?

What the means for everyone else: several million names, passwords, addresses, and private conversations are now public knowledge. If you're using Patreon then you may have been compromised. However: passwords aren't compromised yet. The site uses the same encryption method as Ashley Madison which was hacked not long ago. However: like Ashley Madison the method Patreon uses too can be broken since the source code of the site has been compromised as well, meaning that individuals can reverse-engineer the site to decrypt passwords in a more timely fashion that it would be to do it 'proper' (or spending more time that it would be worth for them).

Question: How can you reverse engineer encrypted passwords with the source code of a site? Almost every encryption is based on open source software. Just by knowing the algorithm you can't reverse engineer a password, at least not in a feasible amount of time.

Edited by Alpha268

Share this post


Link to post
Share on other sites

Question: How can you reverse engineer encrypted passwords with the source code of a site? Almost every encryption is based on open source software. Just by knowing the algorithm you can't reverse engineer a password, at least not in a feasible amount of time.

I wouldn't know how but it's something that's brought up in at least one of the articles. They don't go into specifics but I suppose there's something in the code that would be used as a key to make it easier. The method Patreon apparently uses can be cracked, but it takes forever according to their writers. But being able to abuse an overlooked error or flaw would allow someone to bypass it.

I once tried to figure it out. I wasn't able to do that. It's strange, and somehow related to many bad things on the internet.

When I was alerted to it the whole thing moved on to a fight over a contest for women in gaming. Apperantly the person running that fell on bad-terms with the What's-Her-Face that's become a new face on the gaming side of the current generation of feminism. So much so she blasted him publicly and threatened to kill the contest simply because the two had personal disagreements. He tried to appeal to Reddit but failed there and turned to /v/ where he found support. They single-handedly managed to put the project back on its feet and put it back on track for funding and then submitted a few polite things to it.

Of course when What's-Her-Face found out she flipped out and the war got deeper. I only learned later that the original accusations was this chick getting good reviews on her "meh" game because she slept with the reviewers behind her boyfriend's back.

I guess every user of patreon got a mail about this security breach, no?

Not sure. But some things I've seen from people who use Patreon indicate that not everyone's been told.

 

Share this post


Link to post
Share on other sites

Yay more useless nonsense happening in the internet, wake me up when facebook gets hacked because reasons.

Share this post


Link to post
Share on other sites

Does it make me a bad person, that to this day, i don't know what GamerGate is?

I can assure you that 0% of the world's population know exactly what GamerGate is. If you look it up, you'll probably find conflicting stories regarding how it's about ethics in gaming journalism or whatever, but you really probably shouldn't bother. As User said, there are better things to worry about, and that drama shouldn't really affect you. What's important is that you follow your conscience and intellect.

Share this post


Link to post
Share on other sites
 

1: I wouldn't know how but it's something that's brought up in at least one of the articles. They don't go into specifics but I suppose there's something in the code that would be used as a key to make it easier. The method Patreon apparently uses can be cracked, but it takes forever according to their writers. But being able to abuse an overlooked error or flaw would allow someone to bypass it.

2: Not sure. But some things I've seen from people who use Patreon indicate that not everyone's been told.

 

1) Thanks for clarifying. I'll just accept it. It's shocking how companies who work with the user's money fail to secure their data. It's not like it is impossible...

2) And that's just poor management by patreon. At least in Germany we have a law for that, which forces you to notify your customers when private data is stolen.

 

What's important is that you follow your conscience and intellect.

This is so true. Get an upvote.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now