
Thingiverse Hacked: Has your data been leaked?

If you're using the Thingiverse platform, it's probably worth resetting those passwords
Last Updated on December 1, 2023

HaveIBeenPwned.com added Thingiverse to its list of breached websites yesterday, 14th October. Thingiverse is a go-to for 3D printing .STL files for hobbyists worldwide, and apparently has some sketchy security protocols.

Thingiverse allows users to upload and download files of 3D models that can be sliced and printed on STL and resin 3D printers. It has an easy-to-follow license system that makes sure users get credited for their own work and gives them control over creative use of their designs.

Thingiverse sample data set of the leak on a popular hacking forum (Image source: raid forum/ISMG)

Troy Hunt, the creator of Have I Been Pwned, had been trying to reach Thingiverse and its New York-based parent company MakerBot for days before notifying the public of the data breach.

The breach was originally discovered by Pompompurin, an avid cyber researcher, who, it seems, hasn't taken too kindly to someone else claiming the discovery to promote their website.

Thingiverse Hacked – How Did It Happen?

Long story short, they left a backup in a public directory. A misconfigured S3 bucket opened up their cloud environment, which meant the information was publicly readable and exposed to a data breach. FYI, if write privileges had been enabled too, malware and encryption methods could easily have held a company like MakerBot/Thingiverse to ransom.
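A defender's check for the exposure described above, as an added example (not from this article, Thingiverse or MakerBot): it takes a bucket policy and ACL grants in the JSON shapes the S3 API returns and reports whether anonymous read or write access is granted. The bucket name, account ID, role name and function names are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# ACL group URIs meaning "anyone" / "any AWS account holder"
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ = ("s3:getobject", "s3:listbucket")
WRITE = ("s3:putobject", "s3:deleteobject")
ACL_PERMS = {"READ": {"read"}, "WRITE": {"write"}, "FULL_CONTROL": {"read", "write"}}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(p):
    return p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))

def public_exposure(policy_json, acl_grants):
    """Return {"read"}, {"write"}, both, or an empty set for one bucket."""
    found = set()
    policy = json.loads(policy_json) if policy_json else {}
    for stmt in _as_list(policy.get("Statement", [])):
        public = stmt.get("Effect") == "Allow" and _is_public(stmt.get("Principal"))
        # Simplification: a statement carrying a Condition is not counted as public.
        if not public or "Condition" in stmt:
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            for kind, actions in (("read", READ), ("write", WRITE)):
                # Action names are case-insensitive and may use * and ? wildcards.
                if any(fnmatchcase(a, pattern.lower()) for a in actions):
                    found.add(kind)
    for grant in acl_grants:
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
            found |= ACL_PERMS.get(grant.get("Permission"), set())
    return found

# Constructed sample input: bucket name, account ID and role are placeholders.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-backups", "arn:aws:s3:::example-backups/*"]}]})
FIXED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/backup-reader"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-backups/*"}]})
PUBLIC_WRITE_ACL = [{"Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"}]
```

With S3 Block Public Access enabled on the bucket or account, grants like these are ignored or rejected.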

This is becoming a repeat issue for big businesses, with Silicon Valley VC firm Play And Play Ventures having the same issue. Luckily, the Thingiverse data breach didn’t have any full passwords written down, but some date of birth information was present. Just to be safe, we’d recommend logging in and changing your password.


Christian 'Reggie' Waits is a contributor to PC Guide, having written a wide array of how-to and buying guide content.