Thingiverse


In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses was also exposed. Thingiverse’s owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement.

Domain Entries Date Breached Hashing Privacy acknowledged?
https://thingiverse.com 228,102 2020-10-13 bcrypt, SHA-1 Public No

Information leaked

Dates of birth, Email addresses, IP addresses, Names, Passwords, Physical addresses, Usernames


Notice any errors/mistakes in this breach entry? Please contact us and we will fix it ASAP. We strive to be the best and most accurate, so your contribution(s) will be greatly appreciated.