Thingiverse

Have I Been PwnedConfirmed breachAdded October 14, 2021Occurred October 13, 2020228,102 accountsthingiverse.comAll Thingiverse breaches →

What was exposed

Dates of birthEmail addressesIP addressesNamesPasswordsPhysical addressesUsernames

What to do if you were affected

Change your password for this account, and anywhere you reused it. Turn on two-factor authentication.
Expect more phishing and spam at this address. Treat messages that reference this company with extra caution.
Be wary of targeted scams that use your personal details to sound convincing.

Details

In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community . Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses was also exposed. Thingiverse's owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement. The data was provided to HIBP by dehashed.com .

Frequently asked questions

What is the Thingiverse data breach?

When did the data breach happen?

This data breach occurred around October 2020.

How many accounts were affected?

Around 228,102 accounts were affected.

What information was exposed?

Exposed data included Dates of birth, Email addresses, IP addresses, Names, Passwords, Physical addresses and Usernames.

What should I do if I was affected?

Change your password for this account, and anywhere you reused it. Turn on two-factor authentication. Expect more phishing and spam at this address. Treat messages that reference this company with extra caution. Be wary of targeted scams that use your personal details to sound convincing.

View on source ↗

Related breaches