全站滿2000元免運費 Shop more >

[3D Printing Application] Will a Data Breach End Thingiverse? An Event Summary

【3D列印應用】數據洩露會終結Thingiverse嗎?事件懶人包

3DMART |

【3D Printing Application】Will a Data Breach End Thingiverse? Thingiverse Incident Summary

Thingiverse, a platform from 3D printer manufacturer Makerbot, was one of the first platforms to enable the sharing of 3D print models. Since 2008, the website has offered over 2 million free models and has consistently topped the list of most popular 3D print model platforms for years.
 
The Thingiverse data breach in October 2021 exposed the private data of 228,000 users. Reports indicate that the Thingiverse data breach affected 228,000 accounts, leaking user data such as names, dates of birth, physical addresses, IP addresses, and encrypted passwords. This incident suggests that we should regularly change these login details.
 
"Have I Been Pwned," a data breach notification service provider, reported that Thingiverse was breached as early as October 2020, with a database containing user email addresses and personal information being exposed. Although this information had been circulating online for over a year, the data breach notification service provider only discovered evidence of Thingiverse being hacked in October 2021, long after the data had been widely shared within hacker communities.
 
Thingiverse responded to the incident on Twitter, claiming that fewer than 500 users were affected and that the breach involved non-sensitive data, and that affected users had been notified.
 
 
However, data breach reports indicate otherwise, with many users who did not receive such notifications confirming that they were part of the hack. Users expressed frustration with Thingiverse and MakerBot's failure to protect their data, as well as the subsequent lack of remediation and downplaying of the incident.
 
 
This isn't the first time Thingiverse has proven to be a vulnerable website. In early 2018, it was revealed that some users inadvertently mined cryptocurrency through embedded code in the model comment section while browsing the platform. At the time, MakerBot claimed they had resolved this security flaw, so Thingiverse users didn't need to worry about personal data leaks or take extra measures to protect their computers. Thingiverse claimed they had banned the perpetrators' actions, but in the latest hack, this proved not to be the case.
 
Given the website's poor response to the second attack, many 3D printing creators are urging everyone to leave Thingiverse. Some users have decided to delete their accounts due to this incident, and some artists are migrating their work to other 3D modeling platforms.
 

The Thingiverse hack incident caused a stir for two weeks until October 14, 2021, when MakerBot finally issued the following statement through a spokesperson:
 
"We have identified and addressed an internal human error that resulted in the exposure of some non-sensitive user data for a small number of Thingiverse users. We have not found any suspicious Thingiverse accounts, and we encourage Thingiverse users to update their passwords as a precautionary measure against privacy leaks. We apologize for this incident and regret any inconvenience caused to all affected users. We are committed to protecting the valuable rights and assets of our stakeholders through transparency and strict security management."
 
Did you like this share? What are your thoughts on this Thingiverse privacy and security disaster? It remains to be seen whether this latest breach will shake the website's position as the preferred 3D modeling platform. San Dimas provides more than just 3D printing. Contact us now to learn more about our contract manufacturing services.

References
References