Notebookcheck Logo

Major hack at Thingiverse results in data leak of 228,000 users

Thingiverse hack affects 228,000 users. (Image: Nahel Abdul Hadi)
Thingiverse hack affects 228,000 users. (Image: Nahel Abdul Hadi)
The data of 228,000 Thingiverse users has been circulating within hacking groups for about one year. 3D Printing Industry declared that the data breach originally occurred in October 2020 and alleged that Thingiverse has been deficient in its response to the incident. Thingiverse has recently released a statement to acknowledge the hack and claimed that the leaked user data was non-sensitive.

3D Printing Industry has stated that the personal data of 228,000 Thingiverse users has been circling online amongst the hacking community for one year. The breach, which originally occurred in October 2020, resulted in a leak of 36 GB of data cache supposedly comprising of identifiable user information. Thingiverse is an open website where anyone can post 3D models for 3D printing.

Troy Hunt, creator of the ‘Have I Been Pwned’ website, was notified of the data leak on a hacking forum on October 1, 2021. Afterwards, Hunt relayed the information about the data hack to cybersecurity intelligence firm, Information Security Media Group (ISMG). Moreover, Hunt informed ISMG that the data cache contained the emails, IP addresses, locations, usernames and actual names of subscribers. Furthermore, Hunt alleged that the data cache was derived from a compromised Thingiverse backup that was apparently kept public.

3D Printing Industry also reported that Thingiverse was hacked in December 2017 due to the openness of the website. Consequently, users of the site were susceptible to cryptomining hacks. However, MakerBot, founder of Thingiverse, assured users that the flaw had been resolved at that time.

Similarly, Hunt and others blamed the open nature of Thingiverse for the recent data breach and have criticized MakerBot for not publicly acknowledging the hack during the past year. On October 14, 2021, 3D Printing Industry reported that MakerBot finally released a public statement to apologise for the data leak incident. MakerBot has claimed that the user data was non-sensitive and leaked due to human error and also recommended relevant users of the website to change their passwords as a precaution.

Buy the Official Creality Ender 3 3D Printer on Amazon

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2021 10 > Major hack at Thingiverse results in data leak of 228,000 users
Aleem Ali, 2021-10-22 (Update: 2021-10-22)