XaiJu
sfmlab
Update: Temporary Disruption of Patreon Services on Open3DLab

Two days ago, I reported on an incident related to the webhook connection between the Open3DLab sites and Patreon. (Read the full story here) The error (caused by Patreon) resulted in our Patreon subscribers no longer being able to access their benefits on Open3DLab.

Since communication with Patreon has been slow, and a fix on their part was not forthcoming, I started the process of manually correcting the entitlements, and deleting the invalid pledge data generated by Patreon.

The situation should now be resolved, and you should be able to access the fast download servers once again.

Although they have promised that this will not happen again, there is unfortunately very little I can do to hold Patreon accountable for their error. I expect that there is a chance that Patreon will send a new corrective wave of webhook notifications that may result in needing more fixes if they mess up similarly to how they did the first time around. I just hope this won't be necessary.

For now, thank you for your patience, and apologies for the inconvenience.

Some notes about webhooks and privacy

Some of you noted concerns regarding the safety of your data regarding this incident, assuming this was some sort of data breach. So let me take a moment to clarify that.

No information was shared that Patreon or Open3DLab didn't already have access to. Usernames, email addresses and IDs (numeric account identifiers) are exchanged between Patreon and Open3DLab in order to make the account connection work. No additional data was shared, and most of the data that was there was partially scrubbed for development purposes. In addition, while other creators also received notifications, they only received notifications related to Patreon users who were previously subscribed to them specifically. So this is not a data breach or privacy issue. Nobody got access to data that they shouldn't have access to.

The concern is that this data is apparently also used by Patreon's developers in their development environment. That's how notifications that were never intended to be sent ended up being sent to Open3DLab. A Patreon developer tested a feature on their development machine, and because they copied webhook data from the live Patreon system, it ended up hitting the live websites/integrations of creators like Open3DLab. This is more of a sign of careless development and security practices on the part of Patreon developers. We are lucky that, in this case, only 50 creators got these notifications, there's no data breach, and that the consequences are limited and dependent on the site's individual implementations. Also refer to Patreon's statement, which I've attached to this post.

