back to article Patreon patrons: It's password-reset time

Popular Internet patronage and crowd-funding site Patreon has been popped, with user data stolen. This short notice at the site says, however, that it didn't keep credit card numbers on-site, and believes that the most important user data remains protected – “all passwords, social security numbers and tax form information …

Silver badge

That was rather predictable

I mean seriously, the people working at that company think having a login screen that depends on external Javascript is a good idea. They ignored bug reports for _months_. They work with newbie web developers who apparently pride themselves in their experience (at least the Patreon website does).

3
0
Silver badge
Devil

Re: That was rather predictable

On the bright side, those newbie developers will achieve grizzled veteran status pretty quick and might just learn something.

But overall.. I think it's pretty pathetic that they never thought it could happen to them.

0
0
Silver badge
Facepalm

Re: That was rather predictable

"I mean seriously, the people working at that company think..."

Amen to that! Seriously, "script kiddie" is an academic title compared to the level of crass amateurism going on on that site. I have to reload the front page about three times on average just to have it finally load at all. You get completely different front page for the exact same URL coming from outside or from within the site. You can search directly for a creator's name (featured prominently IF you find the guy by other means) and get zero results just because it's not their page's "official title" (so you better know that one or have a direct link...). There is absolutely no way to prod them to re-try charging your card for pending pledges if you ever hit a snag - you just try to muck with your payment details randomly hoping they'll retry when you hit "update" on the exact same card; sometimes they do, sometimes they don't. You can write them with explicit complaints and they'll thank you, admit you're right and promise to do something about it ASAP then of course nothing ever happens. It's just... ridiculously bad.

1
0
Silver badge
FAIL

"via a debug version of our website that was visible to the public"

I know it's cool to work from home but put it behind a VPN, nobody wants to see it hanging out in public.

3
0

Can't even bolt the stable door

Having been emailed to remind me that I had a Patreon account which I'd forgotten that I'd created, I promptly set about deleting the account, only to discover:

1. You have to email them from your account's email address (not useful if you're using inbound aliases);

2. According to this recent Reddit topic, "deletions" are processed manually/slowly and actually consist of putting your account into a private mode, not deleting your data.

Am I securitying proper?

3
0

Re: Can't even bolt the stable door

"putting your account into a private mode, not deleting your data."

Seen that before, on a err...dating site... a friend of mine frequents. Hope nothing bad happens to my friend.

2
0

Thanks for the heads up

I am just off to the bank to close everything I can that has anything to do with them.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018