Maker-funding site Patreon was hacked last week resulting in the dump of gigabytes of code and user data. User passwords were encrypted using bcrypt which suggests they are mostly safe but some users have found their data in the trove.
Founder Jack Conte wrote:
The data seems to have come from a debug version of the site that was visible to the Internet. The debug version included a “snapshot” of the production database. “We protect our users’ passwords with a hashing scheme called ‘bcrypt’ and randomly salt each individual password. Bcrypt is non-reversible, so passwords cannot be ‘decrypted.’ We do not store plaintext passwords anywhere,” wrote Conte.
Conte recommends changing your Patreon password and the password to any other site using a similar passphrase. He said no credit card information was leaked.