“Alright, Gramps, so next you need to delete System 32…”
Reports have come in that Patreon has let their entire security team go. Granted, that apparently like, 5 people, but still. Not exactly the sort of thing that inspires confidence.
Patreon, on the other hand, doesn’t seem to be too concerned. As they told Cyberscoop via spokesperson:
As part of a strategic shift of a portion of our security program, we have parted ways with five employees. The changes made this week will have no impact on our ability to continue providing a secure and safe platform for our creators and patrons.
NBC News reporter Kevin Collier goes a bit more in depth with Patreon’s plans moving forward.
The remainder of the statement Patreon made:
We also partner with a number of external organizations to continuously develop our security capabilities and conduct regular security assessments to ensure we meet or exceed the highest industry standards. The changes made this week will have no impact on our ability to continue providing a secure and safe platform for our creators and patrons.
In short, they’re outsourcing. And they probably planned on doing this for quite some time, based on what a former employee, who chose to remain anonymous when talking to Cyberscoop, said. According to this employee, the security team had been understaffed for a while prior to their being laid off, and had cut down on their use of external security vendors over the previous four months.
There are no qualified security personnel. There is no one there to utilize the tools that we had in place.
The company, however, is spinning this all as a means of investing in security. On Patreon’s Discord server, Patreon’s Senior VP of Engineering Utkarsh Srivastava says that they’re not “scaling back investing in our security programs”, but rather that they’re “expanding our investment in security as we continue to grow.”
A spokesperson told PC Mag the following:
…more investments mean outside partnerships, engineering expertise we’ve added in recent months to our infrastructure and payments teams, and the fact that we are hiring heavily in engineering and product development right now.
That said, Patreon’s not like a lot of other sites that are outsourcing their security. They have a very large number of creators (over 250,000), being supported by a much larger number of patrons (over 8 million), all with sensitive financial info on their platform. There’s a lot of money involved, too; those creators collectively earned $3.5 billion, and that’s after Patreon’s service fees.
So, you know, not necessarily inspiring the greatest confidence.
Source: PC Mag