Creator membership platform Patreon and its former staff have confirmed that the company has parted ways with its entire cyber security team.
Security and privacy engineer, and former senior security engineer at Patreon Emily Metcalfe, confirmed the news via a LinkedIn post that the company has let its security team leave.
“So for better or worse, I and the rest of the Patreon Security Team are no longer with the company,” she said. “As a result, I'm looking for a new Security or Privacy Engineering role and would appreciate any connections, advice, or job opportunities from folks in my network.”
Patreon has confirmed the reports to the wider media, saying that it will now outsource much of the security to external organisations after having “parted ways” with five employees.
“As a global platform, we will always prioritise the security of our creators’ and customers’ data,” it said in a statement to IT Pro. “As part of a strategic shift of a portion of our security programme, we have parted ways with five employees.
“We also partner with a number of external organisations to continuously develop our security capabilities and conduct regular security assessments to ensure we meet or exceed the highest industry standards. The changes made this week will have no impact on our ability to continue providing a secure and safe platform for our creators and patrons.”
Introducing IBM Security QRadar XDR
A comprehensive open solution in a crowded and confusing space
The spokesperson for Patreon said the departing employees did not constitute its entire security team, however, they declined to specify what this meant and what security roles remain filled.
Cyber security experts have criticised Patreon’s decision to remove its in-house security team and rely on outsourced services.
“So basically they went with an MSSP probably because it's cheaper,” said one user discussing the situation online.
“They probably won't find it cheaper when they get hacked years from now and all they have is PowerPoint and Excel spreadsheets saying 'don't worry you're secure' for the previous years.”
“Not having in-house security is a disaster waiting to happen,” said another.
Patreon has a fairly strong history of avoiding cyber security crises; the only major incident it suffered was in 2015 in which it was hacked and customer data was leaked.
Users’ names and email addresses were involved in the breach, and there was the potential for encrypted passwords and social security numbers being exposed, too, it said at the time.
It was later revealed that 15GB worth of data was leaked online, which also included Patreon source code and database files, as reported by Ars Technica at the time.
