This article is from Trend Micro.
MakerBot’s Thingiverse, a website where users can share 3D printing templates and designs, was recently the victim of a major data breach that resulted in the exposure of over 2 million users’ passwords and email addresses.
The breach was initially reported to have affected 228,000 email addresses, but TJ Horner, a software engineer who worked at MakerBot, analyzed the leaked data and found that it actually affects more than 2 million users. Horner added that the breach includes OAuth tokens that may have been used to remotely access and take control of MakerBot printers.
Thingiverse posted a statement regarding the data breach on Twitter, but their view of the scope of the breach — specifically the number of users affected — is much smaller than seems to be the case.
Thingiverse’s Twitter statement
Thingiverse claims that less than 500 users were affected but in addition to TJ Horner, Troy Hunt, the creator of HaveIBeenPwned.com, believes otherwise. HaveIBeenPwned provides notifications to users when their email addresses are part of known breaches, and Troy has confirmed that the Thingiverse breach has affected far more than only 500 users. Troy stated on Twitter that at least 10,646 HaveIBeenPwned users were notified of the breach and a lot of them have been confirmed as Thingiverse users, too.
Troy Hunt isn’t in agreement with Thingiverse
As of right now, it does in fact appear that 2,292,189 Thingiverse records have been exposed, including people’s email addresses, passwords, full names, usernames, addresses, IP addresses, and birthdates. Thingiverse users are advised to change their passwords as well as the passwords of their other accounts that share the same email or password to avoid any further security issues.
Is your email address pwned?
Here at Trend Micro, we’ve developed an app specifically designed to meet the challenges that data leaks bring.
Available on Android and iOS, ID Security scours the dark web for any mention of your data (email address, passwords, bank account information, and more) and in the event of it being sold or shared by cybercriminals, it will alert you. Its key features include:
Click the button or scan the QR code below to try the free 30-day trial version today! If you found this article interesting and you think it would be useful for others, please share it with family and friends.