FYI to the 3D community It has been circulated today that one of the backup databases for Thingiverse was publicly available, had been accessed and data consequently published online. You can check to see if your account was one of the records breached by entering your email address you use for your Thingiverse account here: https://haveibeenpwned.com/ Upon entering my own email, I saw several "breaches" from various vendors over the years (unrelated to this notice) but including Thingiverse: Thingiverse: In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses was also exposed. Thingiverse's owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement. The data was provided to HIBP by dehashed.com. Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Physical addresses, Usernames I don't generally use my real info for sites like Thingiverse, but for those that have, you should be aware. At a minimum I would recommend changing your Thingiverse password right away. Here is an article with the details: https://www.databreachtoday.com/thingiverse-data-leak-affects-25-million-subscribers-a-17729 -Mike
