Last month popular crowd-funding site "Patreon" saw a large-scale breach, which lead to the publication of nearly 15 gigabytes of customer data, constructed from names, addresses and donations. While a large amount of data was extracted as a result of this breach, representatives of the site reassured victims that credit card details were never exposed. Other data such as passwords, social security numbers and tax forms were stolen, but were heavily encrypted with a 2048-bit RSA key.
An email is now being distributed to victims of the hack, requesting bitcoins in order to save their leaked data. The extortionist is requesting 1 bitcoin in order to save customer details, which must be sent to a supplied bitcoin address. Upon further investigation it appears that the attached bitcoin address has seen almost no donations. The full version of the email can viewed below, shared by a victim of the hack.
Everyone whose data got leaked when @patreon got hacked is getting extortion emails for Bitcoin this morning. pic.twitter.com/xaww1GmZpw
— Steve Streza (@SteveStreza) November 21, 2015
It is unlikely that the above the email has been distributed by an individual related to the hack itself, and is rather a extortionist piggybacking on victim"s privacy concerns. With the recent increase in "ransomware", monetary demands to protect data have started to become a common occurrence. As with many incidents, this is most likely an attempt to scare victims into paying out bitcoin, rather than a danger to privacy. As the leaked data is already public, and the sender has distributed this email with a common bitcoin address, it is safe assume this is a small threat, if any.
Source: TechCrunch