Crowdfunding site Patreon revealed earlier this week that it had recently been hacked, compromising the email addresses, usernames, and shipping addresses of its users. Since then, the hackers have dumped the data online, revealing the personal information of about 2.3 million users in the process.
The data was made available for anyone to download, and Troy Hunt, owner of haveibeenpwned.com, was able to extract the information and analyze the information in the file:
New breach: 2.3M email addresses from the Patreon breach. 12% were already in @haveibeenpwnedhttp://t.co/U0QyHZxP6k
— Have I been pwned? (@haveibeenpwned) October 2, 2015
So far, the hackers, who identify themselves in a README file in the dump as the #SuperExtremeShitpostingTeam, haven't expressed any motive for the hack other than doing it for the lulz.
"We are being meticulous and rigorous in the investigation."
In a statement released to Motherboard, Patreon CEO Jack Conte said that the company is working closely with the authorities to reduce the risk for users. "Patreon engineering has done a thorough analysis of the vulnerability that led to the breach," he writes. "We are being meticulous and rigorous in the investigation, and based on conversations with dozens of advisors and security experts, I’m highly confident that we’re doing everything in our power to minimize the impact on our users."
In the meantime, Patreon members should change their email passwords immediately to avoid issues.