Crowdfunding Site Patreon Informed of Security Flaw Before Being Hacked, GamerGate Link Suspected

The latest victim of hacking is Patreon, a crowdfunding website. The story broke a few days ago but, apparently, management had five more days to do something about the website's security flaws. The stolen data includes user email addresses and private messages that users sent to each other, as well as campaign details and supporters. The leak totals almost 15 gigabytes of data, The Market Business reported.

It has since been uncovered that 8chan user "Vince" has claimed responsibility for the attack. "Vince" is a board volunteer on Baphomet, a community in 8chan that primarily deals with hacking and raiding other websites. It has also since been observed through tweets that the Patreon hack could have something to do with GamerGate.

GamerGate started last year as backlash against perceived breaches in journalistic integrity. The term also refers to Internet users based mainly on Twitter who claim a lack of transparency in video game journalism affects the industry.

In relation to this, Patreon was previously pressured to pull a documentary called "The Sarkeesian Effect," which tackled "social justice warriors," the main adversaries of GamerGate. Supporters of GamerGate have been vocal about their opposition to the documentary, Observer reported.

Tweets from @Tulpamania, who is supposedly "Vince," coincide with the hack. The account has since been suspended. 8chan, which is also a popular gathering place for GamerGaters, was recently sold by proprietor Fredrick Brennan to 4chan, and he was retained as a paid administrator.

The Patreon hack itself used a security flaw that practically anyone could exploit. A Web application tool known as the Werkzeug Utility Library was allowed to run on a public-facing subdomain. Detectify researchers found out about the vulnerability and informed Patreon on September 23.

Ars Technica reported that "by design, the debugger will get activated whenever a covered Web app experiences an error or exception. As a result, even unauthorized people who visited Patreon could activate the debugging tool, as long as they could trigger some sort of bug on the site. That's precisely the way Rosén (Detectify researchers) said he suspects hackers breached Patreon."
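A startup guard against the misconfiguration described above, as an added example that is not from the article, Patreon or Detectify: it refuses to turn on Werkzeug's interactive debugger unless the server runs in a development environment and listens only on a loopback address. `run_simple` and its `use_debugger` and `use_evalex` arguments are Werkzeug's own; the helper names and the `environment` label are assumptions.

```python
import ipaddress


class UnsafeDebuggerConfig(RuntimeError):
    """Raised when the interactive debugger would be reachable by outsiders."""


def is_loopback_bind(host):
    """Return True only if the listen address is local to this machine."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        # Empty string or a DNS name: cannot prove it is local, so fail closed.
        return False


def dev_server_kwargs(host, port, want_debugger, environment):
    """Build keyword arguments for werkzeug.serving.run_simple().

    `environment` is a hypothetical deployment label ("development",
    "staging", "production") supplied by the caller's own configuration.
    """
    if want_debugger:
        if environment != "development":
            raise UnsafeDebuggerConfig(
                f"debugger requested in {environment!r} environment")
        if not is_loopback_bind(host):
            raise UnsafeDebuggerConfig(
                f"debugger requested on non-loopback bind {host!r}")
    return {
        "hostname": host,
        "port": port,
        "use_debugger": want_debugger,
        # The in-browser console only exists while the debugger is on.
        "use_evalex": want_debugger,
    }


if __name__ == "__main__":
    # Constructed sample configurations, not taken from any real deployment.
    for cfg in [("127.0.0.1", 5000, True, "development"),
                ("0.0.0.0", 5000, True, "development"),
                ("0.0.0.0", 8080, False, "production")]:
        try:
            print(cfg, "->", dev_server_kwargs(*cfg))
        except UnsafeDebuggerConfig as exc:
            print(cfg, "-> refused:", exc)
```

The returned dictionary is meant to be passed as `run_simple(application=app, **kwargs)`, so a public bind with the debugger requested stops the process at startup instead of serving it.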
