Patreon made it easier to troll its users

Scott Helme is a Information Security Consultant. He has a Patreon account on which he posts about computer security issues and which he uses to take in donations for each blog post.  Recently he found out that Patreon suspended his account:

He could still post and people could still signup to support him, but, taking a page from Paypal, Patreon prevented him from withdrawing any of the money people donated.  Eventually, Patreon completed their investigation and emailed him that he was good to go.  He eventually discovered that:

He estimates that account withdrawals were suspended for between 18 and 47 days.

Account takeovers are a real problem. Had his account been taken over, it would be good if someone couldn’t take his money out and notifying the account that they think it might be hacked could tip the hacker.  In that light, it could make sense to act as they did.

Having multiple other methods of contacting the user would have helped in this case…. well unless email, phone number and Signal were compromised. Patreon would need to prove they are who they say they are, of course. Phishing is a problem as well.

That all said, going from one fraudulent pledge to account takeover seems a stretch.

But this incident reminded me of Violet Blue‘s reporting in Engadget about a troll campaign against women AMSR video creators:

Capitalizing on entrenched and easily exploitable anti-sex policies by internet giant payment processors and a new internet sex panic ushered in by FOSTA, 8chan trolls have started a campaign to mass-report attractive women who make ASMR videos. Listing names of women making these sound-effect videos in a forum thread called “PayPal lowering the hammer on ASMRtits” they’ve declared war by posting links to report pages for PayPal, and called upon fellow haters to get the women kicked off YouTube and Patreon as well.

… and that Patreon just added another method for trolls to harass Patreon’s users.  If all it takes is for one fraudulent looking donation to pass into someone’s account to flip the Account Hacked bit, trolls will use Patreon’s process to suspend a user’s ability to withdraw their money for two to six weeks. That would screw up the life of anyone who makes a living via Patreon.

Patreon has more than a customer service problem.

Leave a Reply