Patreon, the platform we use for ongoing crowdfunding of Massively OP, recently suffered a data breach. We do not have any reason to believe that usable sensitive data were yoinked at all, let alone from our specific Patrons, but we wanted to keep you apprised. Here is the email we were sent this morning:
Dear Massively Overpowered,
Yesterday we learned that there was unauthorized access to a Patreon database containing user information. Our engineering team has since blocked this access and taken immediate measures to prevent future breaches. We apologize to you for this breach of trust. The Patreon team is working especially hard right now to ensure the safety of the community.
There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed. We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all social security numbers and tax form information remain safely encrypted, and all passwords securely hashed. No specific action is required of you, but as a precaution we recommend that all users update their passwords on Patreon.
For further details, we encourage you to read this update from our CEO and reach out to us with any additional questions at security@patreon.com.
Sincerely,
The Patreon Team
So it appears that the hackers captured primarily names and email addresses. Passwords and financial data appear to be safe. Massively OP’s Patreon program began in May of 2015, so if you signed up for Patreon just for us, your billing addresses should be fine (if you signed up long before that, though, the hackers might have your billing address as well — thanks Sally for reminding us of this). Following Patreon’s advice to change your password is standard procedure.
We’ll keep you posted as we learn more, but for now, we don’t have any reason to panic. As always, we appreciate our Patrons!