Patreon has reportedly laid off its entire security team.
CyberScoop reports(Opens in a new window) that several former employees have confirmed the layoffs, which occurred last week, and that Patreon doesn’t seem to be worried about no longer having a security team.
“As part of a strategic shift of a portion of our security program, we have parted ways with five employees,” Patreon told CyberScoop. “The changes made this week will have no impact on our ability to continue providing a secure and safe platform for our creators and patrons.”
NBC News reporter Kevin Collier says(Opens in a new window) that Patreon said in a statement that it “partner[s] with a number of external organizations to continuously develop our security capabilities and conduct regular security assessments to ensure we meet or exceed the highest industry standards.”
Many companies operate without dedicated security teams. Some have their IT department handle security for them, others turn to managed security service providers (MSSPs), and still others rely on some combination of crossed fingers, rabbit feet, and optimism.
But those companies aren’t typically as large as Patreon. The company says(Opens in a new window) on its website that more than 250,000 creators are using its platform to deliver content to over 8 million patrons. Those creators are said to have earned more than $3.5 billion—and that’s after Patreon’s fees.
Patreon is also entrusted with a lot of information about creators and patrons alike. That includes payment details, contact information, and in some cases shipping addresses used to deliver physical rewards to backers, not to mention patron-exclusive content hosted on the platform.
In a message to Patreon’s Discord server shared with PCMag, Patreon’s Senior VP of Engineering Utkarsh Srivastava said the company isn’t “scaling back investing in our security programs” and would actually be “expanding our investment in security as we continue to grow.”
There seems to be a disconnect between Patreon letting its entire security team go, as now-former senior security engineer Emily Metcalfe said(Opens in a new window) on LinkedIn, and Srivastava telling creators the company is looking to invest more in the security of its platform moving forward.
Recommended by Our Editors
Srivastava said that “there has been no security breach or incident of any kind in recent months” and that “this action was not the result of a breach or incident, external or internal.” So it’s not clear how an expanded investment in security is related to laying off security professionals.
In a statement, a Patreon spokesperson told us “more investments mean outside partnerships, engineering expertise we’ve added in recent months to our infrastructure and payments teams, and the fact that we are hiring heavily in engineering and product development right now.”
Editor’s Note: This story was updated at 2:42 p.m. ET with additional comments from Patreon.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.