Thingiverse

In October 2021 a massive data leak involving the 3D printing community site Thingiverse was discovered. The breach originated from a publicly accessible MySQL backup file hosted on an unprotected S3 bucket. The data set totaled approximately 36 GB and included sensitive information from over 228 thousand unique users. Compromised records contained cryptographic hashes of passwords using outdated SHA-1 or modern bcrypt algorithms along with physical addresses and internal metadata. This incident highlighted significant vulnerabilities in the platforms cloud storage configuration.