Crowdfunding Website has 15 GB of Donation Records Compromised

This week, we hear about the hack of crowdfunding site Patreon and the discovery of a large scale Japanese malvertising campaign.


Patreon Crowdfunding Website Hack Compromises 15 GB of Donation Records

Patreon, a San Francisco-based crowdfunding company that connects artists with funders, experienced a breach on September 28, 2015. Approximately 15 gigabytes of data associated with more than two million donors was taken. According to CEO Jack Conte, no credit card data was compromised, but tax ID and social security numbers were. Although the breach exposed millions of user accounts, Patreon stores passwords with the bcrypt password-hashing function, so the leaked password data does not give attackers the users’ actual passwords.

According to open-source reporting, the breach most likely occurred through an SQL injection vulnerability in a debug version of the application that had been exposed to the internet by human error.

The case demonstrates a key factor for all businesses: human error still prevails as a predominant cause of breaches like Patreon’s. Even with a highly advanced intrusion detection system and 24x7 security monitoring, it takes only a simple technical oversight to expose a business to potential legal, financial and public relations headaches.

References: Patreon Hacked, Gigabytes of Data and Code Leaked | Hacked Patreon Data Spills Out Onto the Web | The Patreon Hack: 14 Gigabytes of Trolling

Mitigation Strategies:

  • Always review the basics of third party software’s technical documentation so that your company does not expose debug or test builds to the internet
  • Network traffic analysis to detect data exfiltration
  • 24x7 security monitoring to provide anomaly detection
  • Log management to detect suspicious user account activity
  • Log management to recover the attacker’s external IP address, provided logs are configured to capture it
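As an added example (not from the article or from Patreon), the kind of check the last two bullets describe: a small Python scanner over constructed combined-format web access log lines that flags requests carrying SQL injection patterns or hitting debug endpoints and groups them by source IP, so the external address can be pulled out. The sample lines, the `/debug` path and the indicator patterns are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in Apache/Nginx combined log format (not real Patreon logs).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Sep/2015:14:02:11 +0000] "GET /creators?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Sep/2015:14:02:13 +0000] "GET /creators?id=42'%20OR%20'1'%3D'1 HTTP/1.1" 500 812 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Sep/2015:14:02:15 +0000] "GET /debug/console?sql=SELECT%20*%20FROM%20users HTTP/1.1" 200 9331 "-" "Mozilla/5.0"
198.51.100.4 - - [28/Sep/2015:14:03:01 +0000] "GET /creators?id=7 HTTP/1.1" 200 4880 "-" "Mozilla/5.0"
198.51.100.4 - - [28/Sep/2015:14:03:05 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Indicators of injection probing, matched against the URL-decoded request path.
SQLI_RE = re.compile(r"(?i)('\s*or\s*'|\bunion\b.*\bselect\b|\bselect\b.*\bfrom\b|--\s|;\s*drop\b)")
# Paths that should never be reachable from the internet (hypothetical debug/test endpoints).
DEBUG_RE = re.compile(r"^/(debug|_debug|console|phpinfo)", re.I)


def parse_line(line):
    """Parse one access log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_log(text):
    """Return {source_ip: [reasons]} for requests that look like SQLi probing or debug access."""
    findings = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        path = unquote_plus(rec["path"])  # decode %20, %3D, + before matching
        if SQLI_RE.search(path):
            findings[rec["ip"]].append(f"sqli pattern in {rec['path']} (status {rec['status']})")
        if DEBUG_RE.match(path):
            findings[rec["ip"]].append(f"debug endpoint hit: {path}")
    return dict(findings)


if __name__ == "__main__":
    for ip, reasons in scan_log(SAMPLE_LOG).items():
        print(ip)
        for reason in reasons:
            print("  -", reason)
```

Pointing the scanner at a real log would also surface the 500 responses that a probed debug endpoint typically produces, which is often the earliest signal in the logs.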


Japanese Sites Hit by Large Malvertising Campaign

Nearly 500,000 users have been exposed in a malvertising campaign targeting users in Japan. The attackers copied banners from legitimate ads, making the malicious ones indistinguishable from real ones. The malicious ads appeared on sites tailored to Japanese users, such as Japanese-language news sites and blogs. They appeared on approximately 3,000 websites in three separate waves of attacks, peaking on September 7, September 13, and September 23.

The malicious ads delivered the Angler Exploit Kit (AEK), which exploited the Internet Explorer vulnerability CVE-2015-2419 and the Adobe Flash vulnerability CVE-2015-5560. Both vulnerabilities were patched this summer. The attack payload was an information-stealing Trojan known as TSPY_ROVNIX.YPOB (aka Rovnix).

A well-planned attack is always hard to detect; ensuring that browsers and third party software are up-to-date is key to mitigating potential compromise.

Reference: 'Malvertising' on the rise as cybercriminals use Internet ads to infect computers

Mitigation Strategies:
