Slashdot Mirror

← Back to Stories (view on slashdot.org)

Patreon Hacked, Personal Data Accessed

Posted by samzenpus on from the protect-ya-neck dept.

AmiMoJo writes: In a blog post Jake Conte, CEO and co-founder of Patreon, writes: "There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed. We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key."

50 of 79 comments (clear)

  1. "with a 2048 bit RSA key" by Anonymous Coward · · Score: 1, Insightful

    Erm,

    Passwords should never be encrypted. Anyone who signed up should assume their passwords are fucked, especially since the private key for decrypting them (assuming this guy even knows what he's talking about) is almost certainly in the app.

    1. Re:"with a 2048 bit RSA key" by Opportunist · · Score: 1

      So ... passwords should be stored in plain text and unencrypted?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:"with a 2048 bit RSA key" by willworkforbeer · · Score: 2

      Erm,

      Passwords should never be encrypted. .

      Can you splain that LI5? Is it because you could sign up some dummy accounts, using various well-chosen passwords, then hack the whole thing and figure out the encryption from those?

      Some of us, maybe just one of us, are somewhat encryption illiterate. I'm, uh, asking for a friend who's dumb like that.

      --
      Pretending this is my office full of bitter coworkers..
    3. Re:"with a 2048 bit RSA key" by lakeland · · Score: 3, Informative

      No, they should only store the hash.

    4. Re:"with a 2048 bit RSA key" by Anonymous Coward · · Score: 1

      No, they should be hashed and salted and stir fried.

    5. Re:"with a 2048 bit RSA key" by John+Bokma · · Score: 4, Insightful
      No. A password should be used as the parameter for a one-way function ("hash function") and the result should be stored. If the user logs in, the password given should be used as a parameter for the same one-way function. If the result is the same as the value stored, the password is the same. Good properties of such a hash function is that it's slow, that the probability of result values is uniformly distributed, and that similar input values don't result in similar output values.

      Because pre-calculated tables exist it's good practice to add a "salt" to the password. Otherwise one just calculates the hash value of '1234567' and looks in the results for this hash value.

      --

      Perl Programmer for hire
    6. Re:"with a 2048 bit RSA key" by John+Bokma · · Score: 1

      As far as I can see, so correct me if I am wrong, there is no need to store the private key (needed for decrypting) if the password is stored encrypted and the password entered is also encrypted and compared to the stored result, there is no need for decryption.

      --

      Perl Programmer for hire
    7. Re:"with a 2048 bit RSA key" by willworkforbeer · · Score: 1

      I think the issue is that if the private key was exploited, then every password could be decrypted and subsequently exploited. Security best practice is to store passwords using a hash (actually, salt+hash*10000 times) because decrypting passwords should never be necessary.

      Private keys. Salt. Hash. Yep, that's ...that's exactly what I thought.
      Actually, thank you. I ... my friend should study up on these topics to be less igcryptorant.

      --
      Pretending this is my office full of bitter coworkers..
    8. Re:"with a 2048 bit RSA key" by Anonymous Coward · · Score: 1

      And if you bothered to read their actually statement about the hack (https://www.patreon.com/posts/3457485) you'd see it says:
      'We protect our users’ passwords with a hashing scheme called ‘bcrypt’ and randomly salt each individual password. Bcrypt is non-reversible, so passwords cannot be “decrypted.” We do not store plaintext passwords anywhere.'

    9. Re:"with a 2048 bit RSA key" by idji · · Score: 2

      Passwords should NEVER EVER be stored on a server for two reasons - they can be viewed by the admin who knows the key, and they can be viewed by the thief who steals them. Password hashes should be stored with salts. These can NEVER be reconstructed by anyone.

    10. Re:"with a 2048 bit RSA key" by idji · · Score: 3, Informative

      From the article We protect our users’ passwords with a hashing scheme called ‘bcrypt’ and randomly salt each individual password. Bcrypt is non-reversible, so passwords cannot be “decrypted.” We do not store plaintext passwords anywhere..
      No passwords were compromised.

    11. Re:"with a 2048 bit RSA key" by willworkforbeer · · Score: 1

      Virtual ModUp: Informative. Thanks.

      --
      Pretending this is my office full of bitter coworkers..
    12. Re:"with a 2048 bit RSA key" by Eythian · · Score: 1

      They used bcrypt, according to the article.

      "Encrypted" is often said when "hashed" is what is meant.

      You don't have private keys for hashing passwords.

      It's safest to assume that your password is compromised and act accordingly, but I doubt that it'll actually happen. bcrypt is a pain to brute-force.

    13. Re:"with a 2048 bit RSA key" by gweihir · · Score: 1

      The public does not know enough to understand what "hashed" means and even less so what bcrypt is. Hence this nonsensical talk about "encrypted" passwords. Nobody does that on server-side, not event those that have absolutely no clue.

      Bcrypt means that if you have a reasonable password and they used a reasonable cost-factor, then it is secure. It also means that a good password remains secure regardless of cost-factor, but a good password is secure after a single, non-salted conventional crypto-hash.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    14. Re:"with a 2048 bit RSA key" by gweihir · · Score: 1

      According to the actual blog-posting, the passwords are protected by bcrypt(). While they also say passwords are protected by an 2048 bit RSA-key, that is likely a mistake and refers only to credit card numbers, social security numbers and tax form information.

      Still, you do never use production data on test-systems that are not specially isolated, i.e. far more so than the production systems. This will likely be one of the first thing the security firm that they have hired will tell them. Ideally, you would only test with synthetic data, but that has rather strong limits in practice. Hence you test everything with outside connectivity with synthetic data, test everything that needs real data with the machines completely isolated and hope that is enough. Of course you also make sure to be able to roll back after deployment and of course this costs more money and needs more competent engineers than just using production data on non-isolated test systems.

      As usual, somebody needs to lose their job over this. I strongly recommend making it the person that _hired_ those that messed up or authorized this use of production data.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    15. Re:"with a 2048 bit RSA key" by Lobachevsky · · Score: 5, Insightful

      People assume the choices are "unencrypted" or "encrypted" and conclude encrypted is better. But then they're missing hashing. Encrypted data can be undone, it can be decrypted. Any encrypted data is just waiting for the day someone can decrypt it, and if the webserver is checking passwords this way, it means it's decrypting it constantly and anyone can hijack that ability.

      Hashing cannot be undone (mathematically, it's called a one-way function). There's absolutely no way to email you your original password. That's why so many websites have a "reset password" instead, because they literally don't know your password. The webserver checks your password by hashing it and comparing that output with the old recorded value.

      You'll sometimes also hear the term "salting", which basically means the webserver doesn't hash your password directly, but first appends or prepends some gibberish to your password that's unique to that webserver and then hashes it. The advantage of salting is that two webservers won't show on file the exact same hash for the same password. That means if I spend 20 years and solve the hashes for all possible passwords, I haven't unlocked every webserver on earth, I've just unlocked 1 webserver whose salt I copied, and to crack another webserver, I'd have to redo the painfully slow exercise of brute forcing.

    16. Re:"with a 2048 bit RSA key" by Stewie241 · · Score: 1

      Well... you can still brute force a lot of the passwords if you have the hash and the salt.

      Now if they encrypted the hashes then that might make for harder work.

    17. Re:"with a 2048 bit RSA key" by emj · · Score: 3, Interesting

      Don't be so sure, bcrypt was used at Ashley Madison but they still stored transformed and md5 hashed passwords in other places. Leading to this:

      http://cynosureprime.blogspot....

    18. Re:"with a 2048 bit RSA key" by tepples · · Score: 1

      True, passwords used by users to authenticate to site A need to be hashed with salt and key stretching when stored on site A. But the only way to let site A perform actions on site B on the user's behalf is to store a "password" for site B on site A's servers. For example, an RSS reader application may need to log into other sites to retrieve non-public feeds to which the user has subscribed.

    19. Re:"with a 2048 bit RSA key" by davester666 · · Score: 1

      Mmm. Time for another hit. And now, a dab of salt on the tongue. There. Now I feel like crap.

      --
      Sleep your way to a whiter smile...date a dentist!
    20. Re:"with a 2048 bit RSA key" by jaklode · · Score: 1

      Or you simply run it in production, wait for problems, and rollback :.... ;)

    21. Re:"with a 2048 bit RSA key" by parkinglot777 · · Score: 1

      hashing scheme called ‘bcrypt’ and randomly salt each individual password

      Well... you can still brute force a lot of the passwords if you have the hash and the salt.

      Could you please tell me how long would it take to get even one correct password of an account using brute-force? Then how long would you need to get all accounts' password with brute-force? You may need to look for how they 'randomly select' salt for each account in order to reduce the time, I guess.

    22. Re:"with a 2048 bit RSA key" by Stewie241 · · Score: 1

      That was more a comment on typical human nature which results in people choosing dictionary based passwords.

      Also, it depends on the cost factor as well, obviously. I don't recall seeing an indication of what it was.

      Either way, it would be fairly reasonable to try, say, the top 30000 common dictionary passwords (and other common passwords) on each hash in the table. According to http://openwall.info/wiki/john..., you can do about 1000 bcrypt hashes per second on a single core of an i7 3k series. So you can try all 30000 dictionary passwords in 30 seconds on a single core. If you ran say, 1 million passwords, it would take 30 million seconds, which is 347 days. Now if you can rent a single of these cores for say, $25 a month (which I think is conservative but it's hard to find cloud compute based on a specific processor), you would need 12 of them for a month, which would cost $300.

      Magnified by my suspicion (completely not based on any scientific study) that:
      People with weaker passwords that would be found using the dictionary attack are:
        - More likely to reuse their passwords elsewhere
        - Less likely to pay attention to news like this
        - Less likely to actually change their password other places if they do find out about this

      you will have at least some payoff.

    23. Re:"with a 2048 bit RSA key" by Anonymous Coward · · Score: 1

      Good properties of such a hash function is that it's slow, that the probability of result values is uniformly distributed, and that similar input values don't result in similar output values.

      I would add that it should be a cryptographic hash since there are hash functions used for table lookups typically matches your other requirements better (Except for them being fast.) without taking reversability into consideration.

    24. Re:"with a 2048 bit RSA key" by gweihir · · Score: 1

      That can get excessively expensive. But no doubt some semi-competent wannabe "developers" are doing it this way.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    25. Re: "with a 2048 bit RSA key" by WarJolt · · Score: 1

      Let me explain a hash. You have a one way function f(password) = hash. This function cannot be reversed. The server stored the hash and then the client sends a password and the server uses the function before comparing it to the stored hash. Passwords are NEVER stored. It's a little more complicated than that, but that's the basics.

  2. Patreon still hacked by Khyber · · Score: 1, Informative

    People with artwork happening through Patreon are almost certainly having it ripped and distributed.

    I know of hundreds of Patreon people having their stuff ripped and distributed right now.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    1. Re:Patreon still hacked by QuasiSteve · · Score: 1

      How does that relate to being 'hacked' any more than the latest blockbuster movie released on blu-ray getting ripped and distributed?

      For a good chunk of Patreon content, you don't even have to bypass much of anything (unlike blu-rays' copy protection) as they're just regular youtube-hosted videos.

      There's a good discussion to be had there about content, ip rights, piracy, the pros/cons thereof and the pros/cons of using patreon and similar system in the first place, and whether or not it's terrible when it's people just trying to make a few bucks on the side but okay when they're getting $arbitrary_amount/month off of patreon - but in the context of 'hacked', the occurrence of videos getting downloaded and re-uploaded elsewhere does not seem to fit in.

    2. Re:Patreon still hacked by QuasiSteve · · Score: 1

      To self: GP meant "ripped by people who did not subscribe to and pay for that content", obviously. Where's your coffee?

      ( This realization came right after hitting submit, but now I'm stuck behind the "It's been 10 hours since you last successfully posted a comment." barrier :) )

    3. Re:Patreon still hacked by lucm · · Score: 1

      I know of hundreds of Patreon people having their stuff ripped and distributed right now.

      I can picture you looking at your bittorrent stream, laughing maniacally as you posted this comment

      --
      lucm, indeed.
    4. Re:Patreon still hacked by Khyber · · Score: 1

      It's not even a bittorrent stream. It's a freaking website that's posting the stuff. And no need for me to download any of it when I make my own! I just know it's there through my channels.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    5. Re:Patreon still hacked by thunderclap · · Score: 1

      You are assuming there is stuff on Patreon that is worthy of being ripped and distributed right now.

    6. Re:Patreon still hacked by DarkOx · · Score: 1

      I support a couple artists on Patreon because I like the stuff they do. I enjoy viewing it and I think it is interesting enough to patronize. Both of them post their stuff to their regular free youtube channels the same day. Its essentially the internet equivalent of being busker. They going to perform their art and if you want to help them out by throwing a few bucks in their virtual violin case they appreciate it.

      There is no problem there. I don't think artists are under any illusions about how the system works or that most of their viewers probably don't contribute directly.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  3. Re:Nice by willworkforbeer · · Score: 1

    Sam Yam deserves to be hacked

    Please, finish your Dr Suess thought ... you know you wanna.

    --
    Pretending this is my office full of bitter coworkers..
  4. Patreon does what exactly? by Anonymous Coward · · Score: 1

    I've never heard of this outfit...What the fuck is it that they do? Doesn't seem that hard to give a description of the business.

    1. Re:Patreon does what exactly? by lucm · · Score: 1

      they do things that can easily be found out by googling their name

      --
      lucm, indeed.
  5. Is the private key secured? by DoofusOfDeath · · Score: 4, Interesting

    If they let someone into their servers by accident, shouldn't we / they also be curious if the private key has been stolen, even if not stored on those servers?

    1. Re:Is the private key secured? by AmiMoJo · · Score: 1

      The passwords are actually the least interesting part of the leak. There are unencrypted private messages and a user database that allows you to see who was supporting whom.

      Expect some interesting articles about people like Thunderf00t and Sargon of Akkad in the next few days. Their private messages are likely a goldmine of damning information and may help the campaign to get them de-funded.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  6. Who? by Anonymous Coward · · Score: 1

    Their about page says absolutely nothing about them, what they do or anything. How do they have anyone using what ever service they may be providing? Does anyone do any fucking research into the "businesses" they decide to do business with?

    If a company can't put more than 2 fucking sentences about them on their about page, do they really even know who they are?

    1. Re:Who? by Anonymous Coward · · Score: 1

      Their about page says absolutely nothing about them, what they do or anything. How do they have anyone using what ever service they may be providing? Does anyone do any fucking research into the "businesses" they decide to do business with?

      If a company can't put more than 2 fucking sentences about them on their about page, do they really even know who they are?

      Paetron is a service whereby artists, musicians, etc. can seek sponsors to fund their craft. In years of old musicians and artists often had a wealthy patron; this simply makes it possible for the masses to fund their artist or musician of choice.

    2. Re:Who? by Anonymous Coward · · Score: 1

      It's like kickstarter, but there's no set goal and it pays monthly. There are many artists and content creators using it, and there are also many people who don't actually produce anything (or products of little effort), giving it the nickname 'hipster welfare.'

    3. Re:Who? by Blaskowicz · · Score: 1

      Is it like begging in the streets? which musicians still do.

    4. Re:Who? by tlhIngan · · Score: 1

      Paetron is a service whereby artists, musicians, etc. can seek sponsors to fund their craft. In years of old musicians and artists often had a wealthy patron; this simply makes it possible for the masses to fund their artist or musician of choice.

      And this hack may not seem to reveal any useful information - after all the payment information and passwords are either hashed, or not stored.

      But there's a lot of "social networking" type information - you can find out what a subscriber sponsors, and even find out how much an artist actually makes in a month. (This can be useful information if you've wanted them to do a piece on something, but they always said some other group always paid more - I know of an artist who paints and what he paints depends on which group paid the most).

      Then there are the folks who use Patreon for support... now you get to find out how much they REALLY make in a month. I know of several YouTube content creators who release videos for free, and get ad money, but also solicit funds from Patreon, as well as sell advertising on their website and other things. Sometimes just out of curiosity you wonder how much they're pulling in for this "full time job".

      Some of the analytics might prove interesting and maybe that "starving artist" you see might not be quite so starving after all.

    5. Re:Who? by RedK · · Score: 1

      now you get to find out how much they REALLY make in a month.

      Now ? This information was always public on Patreon :

      https://www.patreon.com/user?u...

      You can publicly see the number of patrons and the monthly revenue they generate. If they have their patreon set to per-creation instead of per-month, you still get the stats per-creation, as in, per-video for instance:

      https://www.patreon.com/sargon...

      So this hack doesn't even reveal that. At best, it can reveal who is a patron of who, which is not dessimated to the public.

      --
      "Not to mention all the idiots who use words like boxen."
      Anonymous Coward on Monday August 04, @06:49PM
  7. And put a logout link on the top! by khasim · · Score: 1

    While we're covering the potential errors of Patreon, how about making the logout link/button easier to find? I'm tired of closing the entire browser to clear my connection to them.

    1. Re:And put a logout link on the top! by sims+2 · · Score: 2

      I still think all websites should support a universal logout.

      Like so;

      www.google.com/logout
      www.slashdot.com/logout
      www.ihatefacebook.com/logout
      and so on.

      Most every website supports robots.txt how hard could a URL based standardised logout be?

      --
      Minimum threshold fixed. Thanks!
  8. Re: This is getting tiresome by lucm · · Score: 1

    Yes! Less nice things to buy! More bitter comments! That's the internet we deserve!

    --
    lucm, indeed.
  9. Re:So, not protected at all by Anonymous Coward · · Score: 1

    They very likely mean that they use a 2048-bit RSA key to encrypt a symmetric cipher key like AES or whatever. This is how certificates work when used for encryption (eg. SSL, etc). In fact this is how most encryption systems work (LUKS, TrueCrypt, BitLocker, etc). Your key or passphrase is used to "unlock" (ie. decrypt) a master key which is the actual cipher key.

  10. Stop using the word "hacked" by Anonymous Coward · · Score: 1

    Companies are rarely "hacked" in the traditional sense. Nine times out of ten it is an inside job or a disgruntled employee that leaks crucial details to facilitate a breach. In any case, the evidence of either is indistinguishable.

  11. Re: This is getting tiresome by lucm · · Score: 1

    But... what about porn?

    --
    lucm, indeed.