Patreon Fires its Safety Staff — and the Web Freaks Out


Patreon, the infamous membership monetization platform, laid off its entire security team yesterday. Just like that. Ouch.

The company, which is still doing business in Russia, simply calls it “a strategic shift” (which seems to be corporate mumbo-jumbo for “cheaper outsourcing”). But infosec experts call it a “nightmare” caused by an “untrustworthy” company that’s “just put a huge target on its back.”


And there’s an unsubstantiated rumor that Patreon has been hacked again. In today’s SB Blogwatch, we hope it’s not as bad as 2015’s blackmail-fest.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Jack Conte is an idiot.

Not OK, Jack

What’s the craic? Amanda Perelli reports—“Patreon has laid off … its security team”:

Patreon receives a percentage
[It’s] “part of a strategic shift of a portion of our security program,” the company said. … The subscription platform is popular among content creators such as podcasters and YouTubers, and it lets them connect with their fans directly and charge a monthly fee for exclusive content. … It has more than 250,000 creators and more than 8 million patrons.

Patreon receives a percentage — between 5% and 12% — of the income creators earn from their members. It also charges payment processing fees when subscribers make a purchase and payout fees when funds are moved from the platform to the creator’s bank.

The entire team? Connor Jones is quite sure—“Patreon confirms it ‘parted ways’ with its ‘entire’ cyber security team”:

No longer with the company
Patreon has confirmed the reports … saying that it will now outsource much of the security to external organisations. … “We also partner with a number of external organisations to continuously develop our security capabilities and conduct regular security assessments to ensure we meet or exceed the highest industry standards. The changes made this week will have no impact on our ability to continue providing a secure and safe platform.”

The spokesperson for Patreon said the departing staff didn’t constitute its entire security team; however, they declined to specify what this meant. … Security and privacy engineer, and former senior security engineer at Patreon, Emily Metcalfe confirmed: … “I and the rest of the Patreon Security Team are no longer with the company,” she said.

Which sounds pretty “entire” to everyone else. For one, Matt Milano has no such qualms—“Patreon Just Let Its Entire Security Team Go”:

It’s hard to imagine
Patreon may have just put a huge target on its back. … Only time will tell if Patreon’s reliance on “external organizations” will be enough to maintain … security.

Even with its external partnerships … it’s hard to imagine a company of Patreon’s importance letting its own internal security team go.

Perhaps we’ll soon wake up from a bad dream? @TechstepWatkins hopes so:

This is the kind of thing that pops up in my nightmares. … Most likely situation I guess is that they’re outsourcing security to the cloud, which kinda just ****s over a bunch of qualified security professionals and opens you up to being targeted during the transition.

What should you do? Musubi seems to speak for many:

Account deletion request is in. **** keeping any personal info on a website that seems not that pressed about keeping it safe.

Is that entirely fair? Soatok nuances it up:

You may want to delete your Patreon account
I deleted my Patreon account. … This was not a knee-jerk reaction. Rather, it was a deliberate and calculated decision in response to new information: … Patreon fired their entire security team [and] the primary motivation was outsourcing [but it] has allegedly been cutting security vendors for the past 4 months.

I’ve been directly responsible for reviving security teams after total staffing shortages before—albeit not due to layoffs, so I still had some institutional knowledge. … Rebuilding from zero without that? Good luck.

The most valuable currency of any long-term business is trust. … Firing an entire Security Team without warning undermines my ability to trust Patreon. … My other motivation is solidarity with the laid-off staff. [But] I’m not your boss. If you do decide that Patreon is risky or untrustworthy … you may want to delete your Patreon account.

But not everyone is against the idea. For example, @ProfXponent:

If your core competency isn’t security, you’re better off outsourcing it. This isn’t really controversial at all. Sucks for the people who got laid off, but they will prob have new jobs by the end of the month.

Apparently, there’s a rumor this is punishment for the team letting a hack happen. b0afc375b5 shares anecdotal evidence:

Leaked my credit card info
Anecdote: A few months ago … I decided to support someone at Patreon and to do that I had to enter my credit card details. A few days later there were fraudulent purchases on Alibaba charged to my card. I immediately called the bank, had my credit card frozen, reversed the transactions, and requested a new card.

I have a strong suspicion that it was Patreon that leaked my credit card info. … It was the only unusual payment I made—the usual being electricity/internet bills, food delivery, etc.

Meanwhile, @KevinCollier sounds slightly sarcastic:

Fortunately, it’s not like Patreon handles payments from millions of active monthly users. So it’s unlikely they’ll be a huge target for hackers.

And Lastly:

Patreon CEO admits he’s an idiot—but argues it’s a good thing

CW: F-bombs and random scatology

Previously in And Finally

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: K.C. Green


