Thingiverse
MediumSensitive user data from Thingiverse was leaked, exposing 228,000 user records.
- Records exposed
- 228,102 records
- Breach date
- Breach Oct 13, 2020
- Last update
- Updated Oct 14, 2021
What data was exposed?
Fields reported as compromised in this breach record.
Why does this breach matter?
In-depth analysis of the breach and its implications.
In October 2021, a backup database from Thingiverse was exposed, containing sensitive user information from October 2020. This breach affected over 228,000 individuals, whose information, including email addresses, usernames, IP addresses, names, and passwords stored as unsalted SHA-1 or bcrypt hashes, was leaked. The file also included comments on models and, in some cases, physical addresses, leading to concerns over identity fraud and privacy violations.
Impact Analysis
Understanding the scope and consequences of this breach.
- User Impact
- Affected users risk exposure of personal information including passwords and physical addresses, potentially leading to unauthorized access and identity theft.
- Business Impact
- This breach undermines user trust, damages reputation, and imposes potential legal implications for non-disclosure.
- Affected Sectors
- Technology and Hobby Sharing Platforms
- Geographic Impact
- Global due to Thingiverse's user base
What You Should Do
Recommended actions to take in response to this breach.
If You Were Affected
- •Change passwords immediately, especially on Thingiverse and associated accounts.
- •Inspect online accounts for unauthorized access or signs of misuse.
- •Be vigilant of phishing attacks targeting exposed email addresses.
Preventive Measures
- •Use strong, unique passwords for different services and implement MFA.
- •Regularly audit online accounts for unusual activity.
- •Advocate for businesses to use strong encryption methods like salted hashes for passwords.
Frequently Asked Questions
Common questions about this breach and what it means for you.