Thingiverse hacked

Breach: Thingiverse
Date of breach: 13 Oct 2020
Number of accounts: 228,102
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Physical addresses, Usernames
Description: In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses was also exposed. Thingiverse’s owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement. The data was provided to HIBP by


1 Like

Probably the most important thing is: If you had a thingverse account and used the same password for anything else, particularly email, then change it on other sites as well.

These days, password reuse is a really common attack vector for account takeovers and fraud.

I expect that most of you know this already.