TheQuartering [9/12/2022]
Patreon has reportedly laid off its entire security team.
CyberScoop reports(Opens in a new window) that several former employees have confirmed the layoffs, which occurred last week, and that Patreon doesn’t seem to be worried about no longer having a security team.
“As part of a strategic shift of a portion of our security program, we have parted ways with five employees,” Patreon told CyberScoop. “The changes made this week will have no impact on our ability to continue providing a secure and safe platform for our creators and patrons.”
NBC News reporter Kevin Collier says(Opens in a new window) that Patreon said in a statement that it “partner[s] with a number of external organizations to continuously develop our security capabilities and conduct regular security assessments to ensure we meet or exceed the highest industry standards.”
Many companies operate without dedicated security teams. Some have their IT department handle security for them, others turn to managed security service providers (MSSPs), and still others rely on some combination of crossed fingers, rabbit feet, and optimism.
But those companies aren’t typically as large as Patreon. The company says(Opens in a new window) on its website that more than 250,000 creators are using its platform to deliver content to over 8 million patrons. Those creators are said to have earned more than $3.5 billion—and that’s after Patreon’s fees.
Patreon is also entrusted with a lot of information about creators and patrons alike. That includes payment details, contact information, and in some cases shipping addresses used to deliver physical rewards to backers, not to mention patron-exclusive content hosted on the platform.
In a message to Patreon’s Discord server shared with PCMag, Patreon’s Senior VP of Engineering Utkarsh Srivastava said the company isn’t “scaling back investing in our security programs” and would actually be “expanding our investment in security as we continue to grow.”