verified2020-10-13

ThingiverseThingiverse breach

thingiverse.com · 228,102 records compromised

Records
228K
Breach date
2020-10-13
Domain
thingiverse.com
Data classes
7

Description

In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community . Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses was also exposed. Thingiverse's owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement. The data was provided to HIBP by dehashed.com .

Compromised data classes· 7

Dates of birthEmail addressesIP addressesNamesPasswordsPhysical addressesUsernames

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Breach
Patreon
Breach
Twitter (200M)
Breach
Cutout.Pro
Breach
Technic
Breach
Kickstarter
Breach
Gravatar
Sourced from Have I Been Pwned. Aggregate metadata only — no PII. Curated by Adam Lundqvist, Founder at SQUR.