Creator membership platform Patreon and its former staff have confirmed that the company has parted ways with its entire cyber security team.
Security and privacy engineer, and former senior security engineer at Patreon Emily Metcalfe, confirmed the news via a LinkedIn post that the company has let its security team leave.
“So for better or worse, I and the rest of the Patreon Security Team are no longer with the company,” she said. “As a result, I'm looking for a new Security or Privacy Engineering role and would appreciate any connections, advice, or job opportunities from folks in my network.”
Patreon has confirmed the reports to the wider media, saying that it will now outsource much of the security to external organisations after having “parted ways” with five employees.
“As a global platform, we will always prioritise the security of our creators’ and customers’ data,” it said in a statement to IT Pro. “As part of a strategic shift of a portion of our security programme, we have parted ways with five employees.
“We also partner with a number of external organisations to continuously develop our security capabilities and conduct regular security assessments to ensure we meet or exceed the highest industry standards. The changes made this week will have no impact on our ability to continue providing a secure and safe platform for our creators and patrons.”
RELATED RESOURCE
Introducing IBM Security QRadar XDR
A comprehensive open solution in a crowded and confusing space
The spokesperson for Patreon said the departing employees did not constitute its entire security team, however, they declined to specify what this meant and what security roles remain filled.
Cyber security experts have criticised Patreon’s decision to remove its in-house security team and rely on outsourced services.
“So basically they went with an MSSP probably because it's cheaper,” said one user discussing the situation online.
“They probably won't find it cheaper when they get hacked years from now and all they have is PowerPoint and Excel spreadsheets saying 'don't worry you're secure' for the previous years.”
“Not having in-house security is a disaster waiting to happen,” said another.
Patreon has a fairly strong history of avoiding cyber security crises; the only major incident it suffered was in 2015 in which it was hacked and customer data was leaked.
Users’ names and email addresses were involved in the breach, and there was the potential for encrypted passwords and social security numbers being exposed, too, it said at the time.
It was later revealed that 15GB worth of data was leaked online, which also included Patreon source code and database files, as reported by Ars Technica at the time.
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Capita finally admits breach affecting 4% of its serversNews It also allegedly misled the public about when the breach took place
-
Don't be scared of outsourcing your security needsAnalysis Outsourcing can be a good thing - provided we avoid the stereotypes - claims Davey Winder...
-
Symantec unveils security outsourcing servicesNews Security company launches two services aimed at IT outsourcing
-
The outsourcing value propositionIn-depth Reducing operational cost is the primary driver of outsourcing, but what value are companies really getting from the deal?
