Developing Situation: Something is up with Patreon
Published on 09/08/2022, 1132 words, 5 minutes to read
Hey, I don't usually write these kinds of posts, but I have been made aware of a post on twitter that seems fairly credible. It seems that the Patreon security team has been let go.
Whoa @Patreon laid off their ENTIRE security team.
Wouldn’t trust my data there. Also there’s some amazing talent to scoop up.
— Whitney Merrill (@wbm312)
September 8, 2022
This claim was followed up with this link to LinkedIn which I will screenshot below:
At this time, this is all we know. We don't know what is going on beyond the fact that one person who claims to be a former Patreon employee saying that they were let go along with their entire team. This is all we know.
I am not trying to diminish anyone's roles here, I am trying to focus on the facts of the situation in an effort to stem the tide of people wondering what is going on.
I have never seen this happen before. I don't know what this entails. I am operating under the assumption that this does not mean there's a security threat. I would encourage you to do the same. Acting rashly and panic-closing your patron account can lead to content creators' livelihoods being affected.
There is going to be a lot of misinformation going around. Trust nothing but official statements from Patreon the company. This is going to have a lot of fear, uncertainty and doubt. Resist the temptation to fall victim to the panic. This is not the time for panicking. This is the time to watch and wait. We don't know what is going on. All we know is that someone who claims to have worked at Patreon claims to have been let go.
Please don't destroy the livelihoods of the creators you support by taking rash action out of fear from the uncertainty of this event. This does not help anyone.
If anything significant happens, I'll either update this post or create a new post with the summary of changes. Until then, remain vigilant against misinformation. Lies go around the world in the time it takes the truth to tie its shoes.
UPDATE(M09 08 2022 20:40): I made a copy-pasteable message for this issue to raise awareness WITHOUT fearmongering.
Wow, today has been something else. It appears that among the other events of today there is a developing situation with Patreon. Patreon is an online company that makes it easy to support online content creators such as me, your friendly moderation orca. Patreon is one of the largest of these kinds of companies, your favorite youtubers and streamers undoubtedly have Patreon accounts.
There has been a credible-looking report that Patreon has let go of their security team. The security team at a company like Patreon is usually the most trusted team that has access to a lot of internal systems with absolute trust in many cases in similar roles in other organizations. The entire security team being let go is usually a "bad vibes" kind of sign that something weird is happening.
We don't know what is going on. All we know is that there is an allegation of something weird happening. Disinformation is going to be rampant. I would suggest that you avoid taking action until we know what is going on. Do not trust any statements from anyone or any outlet that is not Patreon the company themselves.
In addition, Patreon helps online content creators afford their monthly rent and food. It would be a bad idea to threaten that by shutting down your Patreon account or similar. Please do enable two-factor authentication if you have not. If you can afford it, look into using a Yubikey or other FIDO2 certified authenticator device (this is being added to modern devices with security hardware, so your phone may be able to act as one).
I have made a page on my blog about this with a summary of the information that I have here: https://xeiaso.net/blog/patreon-happening. I am planning to update it with the contents of this message when it is made available. If you want to spread this to other discord servers or chat apps, you may only do so if you share the complete message with every single word unedited.
Let's hope this is nothing. I am monitoring the situation and will update you and my blog if the situation changes.
UPDATE(M09 08 2022 22:03): I have been following the situation and have found a credible statement from Ellen Satterwhite, Patreon's US Policy Lead on Web Pro News. The exact statement is this:
As a global platform, we will always prioritize the security of our creators’ and customers’ data. As part of a strategic shift of a portion of our security program, we have parted ways with five employees. We also partner with a number of external organizations to continuously develop our security capabilities and conduct regular security assessments to ensure we meet or exceed the highest industry standards. The changes made this week will have no impact on our ability to continue providing a secure and safe platform for our creators and patrons.
I have done basic research to confirm that Ellen Satterwhite is employed at Patreon by checking on Patreon's events site here and via a prior press release here. I am moderately confident that this is a genuine statement from the Patreon team, though I would personally prefer if this statement was released on one of their official communication channels.
We still do not know anything else. There has been speculation between the group of information security professionals I am consulting with, but there is no hard evidence so we reiterate that we don't know what is going on. We do not want to cause panic. We are in the dark just as much as you are.
We hope this is just a miscommunication being blown out of proportion and we will continue to monitor the situation.
Facts and circumstances may have changed since publication. Please contact me before jumping to conclusions if something seems wrong or unclear.