I hope you are well.
Thingiverse – 228,102 breached accounts
In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses was also exposed. Thingiverse’s owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement. The data was provided to Incognito by HIBP via dehashed.com.
If you have an account with Thingiverse please follow these steps:
* Change your password and make sure your new password is at least 10 characters long and contains an upper case, lower case, number and a symbol. You can even use a modified phrase or a line from a song if that helps you remember.
* Make sure you do not use the same password twice as this leaves you vulnerable to credential stuffing.
* Find a good password manager tool to help you remember all of your passwords. Some of our users say that 1Password is a good tool.
* Check out Incognito’s Email Hack Check tool. All you have to do is enter your email address and we will tell you instantly if it has been involved in one of the many data breaches that happen every day.
Let me know if you need any help.
All the best,
Incognito Privacy Care