Saturday, 21 November 2015

Patreon members getting blackmailed: Ignore that email...

During October, the Patreon website was hacked and a whole load of information was downloaded by the nasty little hackers involved. Now the blackmailers have decided to get in touch?


We were reassured by Patreon at the time of the hack that everything was OK and it was suggested that we change our password - sort of like closing the barn door after the horse has escaped, but anyway, I did.

Now more than a month later a nasty little blackmailing email arrives in my inbox, reading as follows:

 ----- Original Message ----- 
From: sharingservices@aol.com 
 To: xxxxxx@yahoo.com ; xxxxx@ceafoundation.org ; xxxx@gmail.com 
Sent: Saturday, November 21, 2015 1:54 PM 
Subject: Mia recommends - I will leak your identity 

Unfortunately your data was leaked in the recent hacking of the Patreon web site and I now have your information. I have your tax id, tax forms, SSN, DOB, Name, Address, Credit card details and more sensitive data. Now, I can go ahead and leak your details online which would damage your credit score like hell and would create a lot of problems for you. 

If you would like to prevent me from doing this then you need to send 1 bitcoin to the following BTC address. 

Bitcoin Address: 1QAQTyhCzAfvp8uLpneBNamWTNRR1hx9Cp 

You can buy bitcoins using online exchanges easily. The bitcoin address is unique to you. Sending bitcoin takes time, so you better get started right now, you have 48 hours in total. 

So I immediately went online and visited the Patreon site. No mention of any blackmail emails at that stage, so maybe I was the first? Anyway, I left a message in the help section of the site and have now finally received an email back. Apparently they have since heard from a lot of angry people, who also got the blackmail email.

Below is their response.  Basically we must just ignore the email - don't send any bitcoin to this nasty little character, whatever you do. Let's face it, he bears no relation to Mr Robot.  If anyone knows how to report the little bastard to Bitcoin, please go ahead!

Patreon Staff (Patreon)
Nov 21, 9:15 AM
Hey there,
Apologies for the blanket email, but yes, we have received reports of emails being sent to many of the email addresses leaked in the breach, so you are not the only one who has received this threat.
Fortunately I can assure you that the person sending these emails is lying.
All tax forms are well protected because they are encrypted with RSA 2048-bit encryption. Additionally, tax forms are only required for US based creators that have earned more than $600 in a year, or non-US based creators who have received a payout from us.
Our system does not have access to your full credit card details, the only portion that gets passed to us is the last four digits of the number.
The unencrypted information that was leaked in the data breach does not present a risk to your credit score or identity theft. I suggest you report this email as spam and ignore any further emails. Do not send them bitcoin.
I'm sorry that you had to encounter this and I appreciate you sending it our way. Let me know if you have any additional questions.
Best,
Patreon

The only thing Patreon didn't reply about was my question about PayPal, which is how I support a musician on Patreon.

So there you go. If anyone has any more information, e.g. whether the hacker can do something nasty with our PayPal accounts, please comment below.
