PSA Data Breach Thingiverse

DashCam AKA Rolts on 15/10/2021 - 09:42

Thingiverse, a site that hosts free-to-use 3D printer designs, has suffered a data breach - and at least 228,000 unlucky users' email addresses have been circulating on black-hat crime forums.
News of the breach came from Have I Been Pwned: 228,000 email addresses, full names, addresses, and passwords stored as unsalted SHA-1 or bcrypt hashes.
If you have an account with Thingiverse it is probably worth your while to head over to Have I Been Pwned to search on your email address, and just to be sure you should also change your password on the site.

Internet

Related Stores

thingiverse.com
thingiverse.com

Comments

  • bdl on 15/10/2021 - 10:05
    +1

    Thanks for the heads up

  • apsilon on 15/10/2021 - 10:29
    +2

    Good reminder to check this regularly and not to reuse passwords between sites. Nothing shows up for me for Thingiverse (changed the password anyway) but does show a breach with Epik Domains in Sept. I've never heard of Epik domains but I assume they've taken over one of the domain registars I use so have updated those passwords just in case.

  • No on 15/10/2021 - 11:53

    I've been on thingiverse forever and the unique email I use for them isn't on Have I been Pwned. Did you find your details there OP?

    • DashCam AKA Rolts on 15/10/2021 - 13:44

      Mozilla alerted me, checked on Have I Been Pwned, which confirmed my account was listed as among those breached.

      • Chandler on 18/10/2021 - 13:02
        +1

        FYI, I'm reasonable sure Mozilla uses Have I Been Pwned behind the scenes.

    • timmypete on 16/10/2021 - 10:21

      My unique email (registered with Thingiverse 27 May 2021) isn't in the HIBP breach list. Found out about the leak via 1Password's watchtower feature.

  • singlemalt72 on 15/10/2021 - 13:35

    Cheers for that - changed mine now.

Login or Join to leave a comment
Login Join