“There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed,” explained CEO Jack Conte in a blog post.
“We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key. No specific action is required of our users, but as a precaution I recommend that all users update their passwords on Patreon.”
It’s one of the most high-profile breaches yet of a music-related service, and as Conte admitted, trust is particularly important to a crowdfunding firm like Patreon.
“I take our creators’ and patrons’ privacy very seriously. It is our team’s mission to help creators get paid for the immeasurable value they provide to all of us, and earning your trust to provide that service in a safe and secure way is Patreon’s highest priority,” he wrote.
Patreon has grown steadily over the past couple of years since Conte founded it in 2013. The company raised $15m of (traditional VC) funding in June 2014, and by March 2015 was paying out $2m a month to its network of YouTubers, musicians and other creators.
Musician Amanda Palmer made headlines when she joined the platform that month: she currently has more than 6,000 patrons paying her $36.7k per “thing” that she releases.