ROUNDUP: Patreon Fires Its Security Team
Why that's not as bad as it may sound, plus how to stop doomscrolling, and why companies update phones every year.
A lawyer at Crypto & Privacy Village tweeted Thursday afternoon that Patreon had laid off their entire security team.
In a followup tweet she pointed to a LinkedIn post from Emily Metcalfe that said that she "and the rest of the Patreon Security Team" were no longer with the company and she was looking for work. Patreon's US policy head, Ellen Satterwhite, told TechCrunch that Patreon had laid off five members of its internal security team, but did not clarify how many employees were on the team. She also told TechCrunch that Patreon works with external organizations to “develop our security capabilities and conduct regular security assessments.”
That is all anyone outside Patreon actually knows. Now to the guesses.
First of all, most-- not all but most-- of Patreon's financial security concerns are handled by outside vendors already including PayPal, Stripe and other payment processors. So if your first reaction was that your payment information was under threat it likely is not.
That leaves all the personal data Patreon does manage, like name, email address, and mailing address among others. And it likely includes some payment account info though not payment processing. However, this does not mean Patreon has nobody running its security. It is likely using something like a Managed Security Service Provider or MSSP. In other words, they outsourced it. We're in the realm of guessing now, but it's a fair guess that one of the C-level executives manages security, feels confident in that role, and wanted to increase availability and decrease cost. Your mileage may vary on whether you think MSSP is better worse or equal to an in-house team. It's a classic on-prem off-prep question, which you enterprise tech folks are very familiar with.
This does not bother me much, since I don’t believe Patreon is going to leave the site unsecured. It bothers me a little that I don’t know who is in charge of its security, since I have so much of my business tied up in Patreon. Though I didn’t personally vet its internal security team before, so it really shouldn’t matter much who they chose externally. So what really bothers me is the lack of communication about it. Granted, companies make internal moves all the time and even outsource things all the time without havign to deal with communicating it to the public. But security is a top priority for creators and Patreon has suffered a breach in the past so it should take that into account. More information is better and we have got sorely little from Patreon in this instance.
Here’s other stuff that happened this week that I covered.
How to Stop Doomscrolling
Meta Connect Coming October 11th
HTC Announces Facial and Eye Tracking for Vive
Why Phone Makers Update Every Year
Meta Disbands Responsible Innovation Team
US Details How it Will Spend CHIPS Act Money
Google Adds 5.1 Surround Support to YouTubeTV on Apple and Amazon
Feremented Powder to Replace Meat Protein and Huge Tracts of Land
Nvidia GeForce Announcement Coming September 20
Google Pixel Annoucnement Coming October 6
If you’re a paid subscriber, you can read more on all of those below!
Keep reading with a 7-day free trial
Subscribe to Tom Merritt Tech Newsletter to keep reading this post and get 7 days of free access to the full post archives.