Patreon just fired it's entire security team

Magic Pink

So I dunno you may wanna delete your accounts there.

https://twitter.com/wbm312/status/1567981004555698176

tynic

I um
oh dear.

Munkus Beaver

Oh that is an ill portent

Depressperado

Munkus Beaver wrote: »

Oh that is an ill portent

this explains the carefully sculpted screaming faces in my tea leaves this morning

mcp

Happy to hear they finished their security

Good work team

Coinage

Uh...I was subscribing to those artists ironically

Preacher

Coinage wrote: »

Uh...I was subscribing to those artists ironically

You just liked them for their articles.

Magic Pink

Depressperado wrote: »

Munkus Beaver wrote: »

Oh that is an ill portent

this explains the carefully sculpted screaming faces in my tea leaves this morning

that was a mirror, we were out of tea

Brolo

this seems like a strange department to put on the chopping block

Naphtali

I suppose it all depends* on what the security team was doing over there; if they were actually doing security day to day stuff or if they were the 1000 ft view overseeing everything and choosing directions and now patreon is just rolling their tasks/roles into existing departments (supposedly their team was 4 people out of 300 employees, from what I can tell from other sources out there if accurate). Still sucks for the people getting let go, hopefully they can find other work quickly.

* the depends being "is the sky falling" in terms of is everyone who has patreon accounts currently being compromised or not, I mean

Shadowfire

No big deal, it's not like they're dealing with any PCI related compliance stuff right?

Jedoc

*carefully pencils "every remaining creative loses their entire livelihood* into the bonus space of 2020s bingo*

KalTorak

are they trying to slim down for a merger in the dumbest possible way or what

Heffling

The AI Art has successfully taken over Patreon!

DouglasDanger

What the hell

Munkus Beaver

KalTorak wrote: »

are they trying to slim down for a merger in the dumbest possible way or what

if I had to guess there's something big about to come down the pipe regarding security vulnerabilities

Matev

Yah, this smells like "We got cracked wide open" and they're trying to damage control before the news story hits.

Inquisitor

Firing your security team is like the opposite of damage control though.

Madican

Jedoc wrote: »

*carefully pencils "every remaining creative loses their entire livelihood* into the bonus space of 2020s bingo*

There's always Fanbox if they're willing to learn Pixiv. Patreon was also notoriously hostile to the NSFW creatives so they're already using alternative services

Matev

Inquisitor wrote: »

Firing your security team is like the opposite of damage control though.

Sure, when you're stupid and do it all at once.

Munkus Beaver

Inquisitor wrote: »

Firing your security team is like the opposite of damage control though.

Unless you're afraid of a whistleblower about something that your security team was unaware of.

Zonugal

So, do I gotta delete my Patreon account now?

Give it to me, doc.

A duck!

Based on this news we should have deleted them weeks ago.

SiliconStew

Naphtali wrote: »

I suppose it all depends* on what the security team was doing over there; if they were actually doing security day to day stuff or if they were the 1000 ft view overseeing everything and choosing directions and now patreon is just rolling their tasks/roles into existing departments (supposedly their team was 4 people out of 300 employees, from what I can tell from other sources out there if accurate). Still sucks for the people getting let go, hopefully they can find other work quickly.

* the depends being "is the sky falling" in terms of is everyone who has patreon accounts currently being compromised or not, I mean

What you do at Patreon is you take the security issues from the customer and bring them down to the software engineers?
Yes, yes that's right.
Well then, I just have to ask, why can't the customers take them directly to the software people?
Well, I'll tell you why...because...engineers are not good at dealing with customers.
So you physically take the reports from the customer?
Well... No. Our support portal does that, or they're emailed.
So then you must physically bring them to the software people?
Well. No. Yeah. I mean, sometimes.
What...what would you say you do here?
Well...well look. I already told you, I deal with the god damn customers so the engineers don't have to. I have people skills. I am good at dealing with people! Can't you understand that!? WHAT THE HELL IS WRONG WITH YOU PEOPLE!?

jungleroomx

Of course they make you call a Privacy Center and it can take up to 30 days to get your account deleted

I would at least consider removing your pledges and clearing all payment methods, but if the breach is bad enough that information is probably already compromised

Raijin Quickfoot

Jokes on them. I never HAD a Patreon

3cl1ps3

This seems extremely bad!

King Riptor

I mean thankfully I use my bank card and that's usually never got money in it plus my bank issues new cards if there's a hint of security issues so I'm good.

3cl1ps3

https://twitter.com/TonyaJoRiley/status/1568022640845004801

3cl1ps3

5 people for an operation with that much transaction volume seems

insufficient

Elaro

Um, does anyone know if paying patreon through paypal is safe?

Fencingsax

Yeah, we need to know exactly what is going on, I think

Shadowfire

Raijin Quickfoot wrote: »

Jokes on them. I never HAD a Patreon

Nobody wants to pay me for anything anyway! Capitalism, baby!

Gvzbgul

3cl1ps3 wrote: »

5 people for an operation with that much transaction volume seems

insufficient

Apparently the "external organisations" we're doing most of the work already? Is that normal?

Naphtali

The other reasons (besides trying to save a buck/outsource/general dumb corporate shit) you'd remove an entire team is if there's reason to believe someone in the department has intentionally compromised something to perform some sort of inside job and it isn't clear who did it/was involved, or rank incompetence. I'm more inclined to believe its the save a buck/dumb stuff reasoning as the others are probably a bit more of a stretch (or really worrisome if the last case)

Gvzbgul wrote: »

3cl1ps3 wrote: »

5 people for an operation with that much transaction volume seems

insufficient

Apparently the "external organisations" we're doing most of the work already? Is that normal?

if the internal security team was mostly guiding the outside contractors on what they should be doing, yes, for an org that size it could very well be

Cello

Well, submitted my Patreon for deletion

See you guys in 30 days

zepherin

Naphtali wrote: »

The other reasons (besides trying to save a buck/outsource/general dumb corporate shit) you'd remove an entire team is if there's reason to believe someone in the department has intentionally compromised something to perform some sort of inside job and it isn't clear who did it/was involved, or rank incompetence. I'm more inclined to believe its the save a buck/dumb stuff reasoning as the others are probably a bit more of a stretch (or really worrisome if the last case)

Gvzbgul wrote: »

3cl1ps3 wrote: »

5 people for an operation with that much transaction volume seems

insufficient

Apparently the "external organisations" we're doing most of the work already? Is that normal?

if the internal security team was mostly guiding the outside contractors on what they should be doing, yes, for an org that size it could very well be

It does read like someone was compromised, or some type of financial Tom foolery from the security team and they didn’t know who the culprit was.

Could also be they subcontracted security and gave oversight to a mid level manager to “manage the program.”

Could also be someone loaded a crypto miner on their servers. That’s been an ongoing problem for orgs.

Polaritie

Gvzbgul wrote: »

3cl1ps3 wrote: »

5 people for an operation with that much transaction volume seems

insufficient

Apparently the "external organisations" we're doing most of the work already? Is that normal?

Why the fuck would you outsource security?

Inquisitor

Polaritie wrote: »

Gvzbgul wrote: »

3cl1ps3 wrote: »

5 people for an operation with that much transaction volume seems

insufficient

Apparently the "external organisations" we're doing most of the work already? Is that normal?

Why the fuck would you outsource security?

Because you don’t have in-house security specialists.

Kane Red Robe

Polaritie wrote: »

Gvzbgul wrote: »

3cl1ps3 wrote: »

5 people for an operation with that much transaction volume seems

insufficient

Apparently the "external organisations" we're doing most of the work already? Is that normal?

Why the fuck would you outsource security?

So you can hire a company that's good at it instead of trying to hire a handful of folks to do it when you have no way of auditing whether they're doing a good job or not because security isn't your knowledge base.

Polaritie

Inquisitor wrote: »

Polaritie wrote: »

Gvzbgul wrote: »

3cl1ps3 wrote: »

5 people for an operation with that much transaction volume seems

insufficient

Apparently the "external organisations" we're doing most of the work already? Is that normal?

Why the fuck would you outsource security?

Because you don’t have in-house security specialists.

To be clear - that's what I mean. I understand why your standard empty suits might do it, but it's madness.