Thingiverse Data Leak


No signs of plain text passwords in the data leak according to the article. Might want to change your Thingiverse password just to be on the safe side.


Always a good idea to change your password when you see this. Also a good idea to keep changing it. You never know when leaks will happen.


Since apparently at least some of the passwords were not salted, assume they were cracked. Change your password on Thingiverse, and on any other site on which you used the same password.

I had some confusion in changing my password (got wrong password in password safe temporarily) and I haven’t yet gotten the password reset emails I tried. I think their systems might be a little swamped. So when you change your password, make sure you don’t lose track of the new password! :relaxed:


I went for the password reset today around 1:00p PST and didn’t get the password reset until 6:08p PST, but after 15 minutes waiting for the reset email I just went and changed my password manually and will leave it at that for now.


I fear the loss of forums or public sites that don’t have “too much” personal information. You know Google or Facebook knows more about you than you do. When AT&T made it known Yahoo was broken into about 2 years before the public knew, that sort of got my attention. I had not used Thingiverse for many months and did need to go there so I changed my password. Got to wonder if they were after the keys to the “tip jar”.

The leak was a staging database; the point being to test production-like data before running new code in production. The entire database dump was apparently floating around on the “dark web” for a year or so before someone noticed, so it looks like it wasn’t so much that “they” were targeting Thingiverse per se for anything. Rather, that there was a data leak that anyone might use for their own purposes.

Probably the most valuable thing there were the passwords because so many people use the same passwords on multiple sites. And the passwords were not well protected, according to the reports. That’s the “not salted” part; it makes passwords a lot easier to harvest.

The folks deleting all their Thingiverse things are not really doing anything that would effectively “punish” anyone for this leak. It’s just leaving a lot of links on the internet dangling and making it harder for people to follow references.
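An added illustration of the “not salted” point discussed in the thread (not part of any post, and not Thingiverse's code): with no salt, identical passwords store identical digests, which a simple duplicate check over the table reveals; a per-user salt with a slow KDF removes that. The thread does not name the hash that was used, so SHA-256 is an assumed stand-in, and the accounts, passwords and function names are constructed for the example.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not from the leak); two users share a password.
USERS = {"alice": "filament123", "bob": "filament123", "carol": "n0zzle-Clog!"}


def unsalted(password):
    """Weak storage: fast hash, no salt (SHA-256 is an assumed stand-in)."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted(password, salt=None):
    """Hardened storage: random per-user salt plus a memory-hard KDF (scrypt)."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted(password, salt)[1], digest)


def shared_digests(table):
    """Count accounts whose stored digest equals another account's digest."""
    counts = Counter(table.values())
    return sum(c for c in counts.values() if c > 1)


def audit():
    """Return (accounts sharing a digest unsalted, same count when salted)."""
    weak = {user: unsalted(pw) for user, pw in USERS.items()}
    strong = {user: salted(pw) for user, pw in USERS.items()}
    strong_digests = {user: digest for user, (_salt, digest) in strong.items()}
    return shared_digests(weak), shared_digests(strong_digests)


if __name__ == "__main__":
    weak_dupes, strong_dupes = audit()
    print("accounts sharing a digest, unsalted:", weak_dupes)
    print("accounts sharing a digest, salted:  ", strong_dupes)
```

A non-zero count from `shared_digests` on a real credential table is a quick sign that the stored values are unsalted.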