Breach, Compliance Management, Data Security, Privacy

Scammers attempt to extort Patreon users: ‘I have your tax forms and SSN’

Scammers are sending extortion emails to Patreon supporters threatening to release their private data unless they pay 1 Bitcoin (approximately USD $324.01) within 48 hours.

The email claims that it has obtained the backers tax ID, tax forms, SSN, DOB, and credit card details. Dave Bagnall, host of a tech and gaming YouTube channel, was one of the many Patreon users who received the email threat.

“Now, I can go ahead and leak your details online which would damage your credit score like hell and would create a lot of problems for you,” the emails warn.

The email is nearly identical to the text of an email forwarded to by a reader whose data was breached as a result of the Patreon hack in September.

Patreon announced on Saturday on its blog and via Twitter, “I can assure you that the person sending these emails is lying.”

The blog post mentioned that its tax forms are encrypted with RSA 2048-bit encryption and that tax forms are only required of Patreon artists in the U.S. who earn more than $600 per year or non-US based creators who “have received a payout from us.”

“I suggest you report this email as spam and ignore any further emails. Do not send them bitcoin,” the blog post suggested.

In late September, after the crowdfunding site was breached, Patreon published a similar notice on its blog, informing users that the web site does not store full credit card numbers on its servers, and all passwords, social security numbers and tax form information is encrypted with a 2048-bit RSA key.  “No specific action is required of our users, but as a precaution I recommend that all users update their passwords on Patreon,” wrote co-founder and CEO Jack Conte.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.