Patreon proactively reviews breaches across the web to protect creators and patrons who might be at risk due to using shared or insecure passwords.
If it appears that a password you used on the internet might have been breached (a common way to check this is the website Have I Been Pwned), we may proactively expire your password on Patreon to protect your account.
Patreon does not store passwords; it stores the bcrypt hash of the password, and we then check that the password you're logging in with matches it.
The most common way that your password might have been exposed online is through one of three methods:
- Password reuse – attackers stole your password from another service that does not store passwords correctly.
- Phishing – A phishing attack happens when someone tries to trick you into sharing personal information online. Phishing is typically done through email, ads, or on sites that seem similar to sites you already use. For example, you might get an email that seems like it’s from your bank asking you to confirm your bank account number.
- Malware – While this is rarer, malware can log the passwords you type into your browser. Check your browser for suspicious add-ons or plugins and make sure your browser and operating system are updated.
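The breach check mentioned above can be run without revealing the password being checked. The sketch below is an added example, not Patreon's code: it assumes the range-lookup format used by Have I Been Pwned's Pwned Passwords service (send the first five characters of the SHA-1 hash, receive `SUFFIX:COUNT` lines), and the function names, sample corpus and counts are constructed for illustration.

```python
import hashlib

def sha1_upper(password: str) -> str:
    # SHA-1 is only the lookup key for the breach corpus, not a storage format.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def parse_range_body(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; skip malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, fetch_range) -> int:
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only the 5-character prefix is sent; the match happens locally.
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)

def should_expire(password: str, fetch_range, threshold: int = 1) -> bool:
    # Hypothetical policy: expire once the password appears in the corpus.
    return breach_count(password, fetch_range) >= threshold

def make_offline_source(corpus: dict, seen_prefixes: list):
    """Constructed stand-in for the remote range endpoint (no network)."""
    hashed = {sha1_upper(p): n for p, n in corpus.items()}
    def fetch_range(prefix: str) -> str:
        seen_prefixes.append(prefix)
        lines = [f"{h[5:]}:{n}" for h, n in hashed.items() if h.startswith(prefix)]
        lines.append("0" * 35 + ":0")      # padding-style entry with count 0
        lines.append("not a valid line")   # malformed input must be ignored
        return "\r\n".join(lines)
    return fetch_range

SAMPLE_CORPUS = {"password": 1000, "hunter2": 12}  # constructed counts
QUERIES = []                                        # prefixes the source saw
FETCH = make_offline_source(SAMPLE_CORPUS, QUERIES)

if __name__ == "__main__":
    for candidate in ("password", "a long unique passphrase 9371"):
        print(candidate, "->", should_expire(candidate, FETCH))
```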
How can I protect myself in the future?
- Never give your password out to someone you don’t know or publish it in an email.
- Set a secure password, using a passphrase or a service like 1Password.
- Turn on two-factor authentication for an additional layer of account security.
- Make sure your email account is secure. Anyone who can read your email can likely also access your Patreon account, so make sure to change the passwords for all of your email accounts and make sure that no two are the same.