【3D Printing Applications】Will a Data Breach End Thingiverse? A Summary of the Thingiverse Incident
Thingiverse, a platform from 3D printer manufacturer MakerBot, was one of the first platforms to pioneer the sharing of 3D printing models. Since 2008, the website has provided over 2 million free models and has topped the list of most popular 3D printing model platforms for years.
However, the Thingiverse data breach in October 2021 exposed the private data of 228,000 users. According to reports, the leaked data for those 228,000 accounts included names, dates of birth, physical addresses, IP addresses, and encrypted passwords. The incident suggests that perhaps we should change these login details regularly.
The data breach notification service "Have I Been Pwned" reported that Thingiverse was breached as early as October 2020, when a database containing user email addresses and personal information was leaked. The service only discovered evidence of the Thingiverse hack in October 2021, by which time the data had been circulating online, and widely within hacker communities, for over a year.
Thingiverse responded to the incident on Twitter, claiming that fewer than 500 users were affected, that the breach involved non-sensitive data, and that affected users had been notified.

However, data breach reports indicate that this was not the case: many users who received no such notification confirmed that they were part of the hack. Users expressed frustration with Thingiverse and MakerBot for failing to protect this data, and were also disappointed by the subsequent lack of remedial measures and the downplaying of the incident.

This is not the first time Thingiverse has proven to be a vulnerable website. In early 2018, it was revealed that code embedded in the model comment section had caused some users to mine cryptocurrency inadvertently while browsing the platform. At the time, MakerBot claimed they had resolved this security flaw, so Thingiverse users did not need to worry about personal data leaks or take additional measures to protect their computers. Thingiverse claimed they had banned the actions of offenders, but the latest hack proved this was not the case.
Given the website's poor response to the second attack, many 3D printing creators have called for people to leave Thingiverse. Some users decided to delete their accounts because of this incident, and some artists also migrated their work to other 3D modeling platforms.

The Thingiverse hacking incident continued to stir controversy for two weeks until October 14, 2021, when MakerBot finally issued the following statement through a spokesperson:

"We have become aware of and addressed an internal human error that resulted in a small number of Thingiverse users being exposed to some non-sensitive user data. We have not found any suspicious Thingiverse accounts, and we encourage Thingiverse users to update their passwords as a preventative measure against privacy leaks. We apologize for this incident and regret any impact on all affected users. We are committed to protecting the valuable rights and assets of our stakeholders through transparent and rigorous security management."
What are your thoughts on this Thingiverse privacy security disaster? It remains to be seen whether this latest breach will shake the website's position as the preferred 3D modeling platform.