What Were You Thinking, Patreon?

[mdlbear]

So, a couple of days ago (September 8th, to be exact) Patreon laid off their entire five-person security team. WTF? The linked article goes on to say,

The firm, which is still doing business in Russia, simply calls it “a strategic shift” (which seems to be corporate mumbo-jumbo for “cheaper outsourcing”). But infosec experts call it a “nightmare” caused by an “untrustworthy” company that’s “just put a massive target on its back.”

You can see links to more articles below in the resources.

The minimum reasonable response to this would be to change your password. Done that. It's not unreasonable to delete your account. I'm still supporting a few sites, so I'll leave my account in place until I see what's going to happen. And laying in a supply of popcorn.

Resources

• @ Patreon confirms it 'parted ways' with its 'entire' cyber security team | IT PRO
• Patreon confirms security team layoffs | TechCrunch
• Patreon Fires its Security Team — and the Internet Freaks Out
• Patreon Just Let Its Entire Security Team Go [Updated]
• Should You Delete Your Patreon Account After They Laid Off Their Entire Security Team? - Dhole Moments -> excellent discussion of risks and alternatives -> changed password. Probably ought to delete account too, but I'm using it.

Another fine post from The Computer Curmudgeon (also at computer-curmudgeon.com).
Donation buttons in profile.

Comments

[ellenmillion]

I have many facepalming thoughts about this, particularly as I've been using the platform more and gaining more patrons lately. THIS IS WHY WE CAN't HAVE NICE THINGS.

[mdlbear]

For the moment, it appears to still be safe; I'm working on that assumption until I hear otherwise. I'll be keeping a close eye on it, though, and I'll be especially interested to see whether people start looking at/moving to other platforms.

[kjn]

I'm not so worried about someone like myself here, but the creators and artists who depend on Patreon for at least part of their livelihoods? It's real tricky.

[spiffyvoxel]

I have two-factor authentication turned on for my login, so I consider that reasonably secure. I'm more concerned about the possibility of someone getting my credit card details from there — Patreon is one of just a few sites with that information on file.

[cellio]

I changed my password, of course, and noticed that my credit card is expired. (That just happened.) Tried to update it, and get repeated failures. I can't even delete and re-add the card; you can't delete your only payment method and you can't add a new instance of the same number. I guess we have until the end of the month for them to fix whatever's gone wrong. Whee.

[melchar]

When Patreon stopped accepting Paypal a couple years back & demanded a bank account number to 'allow' me to send money to creators is when I quit Patreon. I found different ways to send money to the 2 sites I was supporting and was just very disappointed in what had been a fairly decent idea until then.

[freyjaw]

Yikes! Thanks for the warning. I warned a friend who has a Patreon account.