Patreon fires its security team – and the web panics

Patreon, the popular membership monetization platform, fired its entire security team yesterday. Just like that. Ouch.

The company, which is still doing business in Russia, merely calls it “a strategic shift” (which sounds like corporate gibberish for “cheaper outsourcing”). But infosec experts call it a “nightmare” from an “untrustworthy” company that “just put a huge target on its back.”

And there’s an unfounded rumor that Patreon has been hacked again. In today’s SB Blogwatch, we hope it isn’t as bad as the blackmail fest of 2015.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Jack Conte is an idiot.

Disagree, Jack

What’s the craic? Amanda Perelli reports—“Patreon has laid off… its security team”:

Patreon gets a share
[It’s] “part of a strategic shift to part of our security program,” the company said. … The subscription platform is popular among content creators like podcasters and YouTubers, and it allows them to connect directly with their fans and charge monthly fees for exclusive content. … It has more than 250,000 creators and more than 8 million patrons.

Patreon takes a share – between 5% and 12% – of the revenue creators earn from their members. It also charges payment processing fees when subscribers make a purchase and fees when funds are transferred from the platform to the creator’s bank.

The entire team? Connor Jones is pretty sure—“Patreon confirms it has ‘parted ways’ with its entire cybersecurity team”:

No longer with the company
Patreon confirmed the reports… saying it will now outsource much of its security to external organizations. … “We also partner with a number of external organizations to continuously develop our security capabilities and perform regular security assessments to ensure we meet or exceed the highest industry standards. The changes made this week will have no impact on our ability to continue to provide a safe and secure platform.”

A Patreon spokesperson says the departing employees aren’t its entire security team; however, they declined to elaborate on what that meant. … Security and Privacy Engineer, and former Principal Security Engineer at Patreon, Emily Metcalfe confirmed: … “I and the rest of the Patreon security team are no longer part of the company,” she said.

Which seems “entire” enough for everybody. On the other hand, Matt Milano has no such qualms—“Patreon Just Let Its Entire Security Team Go”:

It’s hard to imagine
Patreon may have just put a huge target on its back. … Only time will tell if Patreon’s reliance on “external organizations” will be enough to maintain … security.

Even with its external partnerships… it’s hard to imagine a company the size of Patreon letting go of its own internal security team.

Maybe we’ll soon wake up from a bad dream? @TechstepWatkins hopes so:

It’s the kind of thing that pops up in my nightmares. … The most likely scenario, I suppose, is that they outsource security to the cloud, which is a fair bit of a hassle for a group of trained security professionals and allows you to be targeted during the transition.

What should you do? Musubi seems to speak for many:

Account deletion request is in progress. **** keeping any personal info on a website that doesn’t seem to be in a hurry to keep it safe.

Is that entirely fair? soatok throws shade:

You may want to delete your Patreon account
I deleted my Patreon account. … It wasn’t a knee-jerk reaction. Rather, it was a deliberate and calculated decision in response to new information: … Patreon has fired its entire security team [and] the primary motivation was outsourcing [but it] reportedly downsized its security vendors over the past four months.

I was directly responsible for reviving security teams after a total staff shortage before, but not following layoffs, so I still had some institutional knowledge. … Rebuild from scratch without it? Good luck.

The most valuable currency of any long-term business is trust. … Firing an entire security team without warning undermines my ability to trust Patreon. … My other motivation is solidarity with the dismissed employees. [But] I’m not your boss. If you decide that Patreon is risky or untrustworthy… you may want to delete your Patreon account.

But not everyone is against the idea. For example, @ProfXponent:

If your core skill isn’t security, it’s better to outsource it. It’s not really controversial at all. It sucks for the people who were laid off, but they’ll probably have new jobs by the end of the month.

Apparently, there’s a rumor that it’s punishment for the team letting a hack happen. b0afc375b5 shares anecdotal evidence:

Leak of my credit card info
Anecdote: A few months ago… I decided to support someone on Patreon, and for that I had to enter my credit card details. A few days later, fraudulent purchases on Alibaba were charged to my card. I immediately called the bank, had my credit card frozen, reversed the transactions, and requested a new card.

I strongly suspect that it was Patreon that leaked my credit card info. … That was the only unusual payment I made – the usual bills being electricity/internet bills, food delivery, etc.

Meanwhile, @KevinCollier sounds slightly sarcastic:

Luckily, it isn’t like Patreon handles payments for millions of monthly active users. So they’re unlikely to be a big target for hackers.

And finally:

Patreon CEO admits he’s an idiot, but argues he’s a good thing

CW: F-bombs and random scatology

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, the finest forums, and the weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image source: KC Green