[HN Gopher] Patreon laid off their ENTIRE security team
___________________________________________________________________
Author : BlackLotus89
Score  : 103 points
Date   : 2022-09-08 21:56 UTC (1 hours ago)

(HTM) web link (twitter.com)

| matrix_overload wrote:
| I think a healthy dose of skepticism is in order. This news
| traces down to one LinkedIn post [0] from one person claiming
| that they "and the rest of the team" are no longer with the
| company and are looking for work.
|
| They have 3 clear motivations to exaggerate the situation:
|
| 1. Disgruntled employee wanting the employer to look dumb.
|
| 2. Oversensationalize the news to attract more attention to their
| "looking for a new job" message.
|
| 3. Oversell their role in the company in hopes of getting more
| interviews.
|
| For what it's worth, "me and the rest of the security team" could
| be one person with a handful of interns doing an experimental
| project in the security area. Like, trying to achieve 100% formal
| validation of a massive codebase, on top of existing engineering
| practices. Such ambitious projects do get axed at the first sign
| of a downturn, and it would not be a reason for panic.
|
| I would exercise caution and stick to quantifiable facts before
| concluding that Patreon is run by idiots.
|
| Patreon would, in turn, have a motivation to deny the layoff, so
| the truth is somewhere in between. A good independent metric
| would be other verifiable LinkedIn users confirming that they got
| sacked as well.
|
| [0] https://www.linkedin.com/posts/emetcalfe_opentowork-activity...
|
| NowhereMan wrote:
| Maybe I won't have to log in to Patreon every week now.
|
| nebula8804 wrote:
| The fact that I might have actually seen this person at DEFCON
| just a few weeks ago seems so cool to me. It's like my world on
| HackerNews is colliding with real life (for the first time).
| I wonder if this is how people feel when they meet celebrities?
|
| Also, that is one cool badge as their pinned post, I didn't see
| that one this year. I always miss out on the cool badges at
| DEFCON.
|
| datalopers wrote:
| So Patreon will announce a massive user data leak tomorrow?
|
| tartoran wrote:
| That's not unheard of, could be just prepping with the security
| team layoff. But it's mere speculation at this point.
|
| ok_dad wrote:
| Unless the whole team was complicit and malicious, there's no
| need to fire them all for something like that. That would just
| be performative and does nothing to fix any issues.
|
| jiveturkey wrote:
| well, how big is the ENTIRE security team? LinkedIn only shows up
| 4 people. Don't know what a typical percentage would be expected
| to show up there.
|
| golemotron wrote:
| I'm scratching my head that someone who does security and
| privacy as their job puts this out on Twitter. Aside from the
| messed up ethics, it's not a good look while job hunting.
|
| altruios wrote:
| that sounds like a royal fuck up... cleaning house is... unusual
| right... for an entire security department?
|
| dogman144 wrote:
| Security teams hedge risk and respond to realized risk
| (security incidents).
|
| Unless it is the fuck ups of all fuckups, companies that fire
| security teams for a security gap that got hacked will never be
| able to hire a security team again that's competent. They'll
| get people trying to break into the industry, but not capable
| vets.
|
| Behind 99% of security incidents is a lack of funding,
| staffing, or "no we have to deploy to prod soon, sorry." The
| very large sprawl that Series B -> pre-IPO sec teams have to
| address is staggering. Pre-IPO is usually the latest point that
| funding, staffing, support shows up.
|
| jiggawatts wrote:
| I've seen this happen once when there was an insider attack
| from within the IT department involving multiple staff.
|
| Instead of trying to figure out who the bad actors were and who
| could still be trusted, the directors simply fired everybody in
| the team.
|
| I was brought in as an outsider on the Friday evening to
| reverse engineer their passwords and basic network info so that
| they could continue to operate on Monday morning.
|
| isatty wrote:
| I have also seen a large security team gutted because of some
| royal fuckup. It was at a large-ish startup, but they
| retained enough people to operate day to day till
| replacements could be hired.
|
| Brian_K_White wrote:
| Funny how the same reasonable logic doesn't ever seem to
| apply to the people saying it.
|
| Those same directors are part of the same organization and
| are responsible for the actions of everyone under them. That
| responsibility is supposedly WHY they get to enjoy those big
| paychecks.
|
| But somehow "everyone involved has to go" still doesn't
| include them...
|
| maerF0x0 wrote:
| Rules for thee and not for me
|
| okdood64 wrote:
| > reverse engineer their passwords
|
| Elaborate?
|
| nebula8804 wrote:
| Go on...did you manage to keep operations running on Monday?
|
| Everyone else has all the cool stories meanwhile here I am
| aspiring to live Homer Simpson's lifestyle. Oh well.
|
| sleepybrett wrote:
| I've never worked at a company where the security
| department was actually key to uptime. Mostly they are
| responding to design proposals/consulting with engineering
| teams, responding to scanner alerts, etc.
|
| noodleman wrote:
| Normally, I'd first go with "So what did they do wrong?".
|
| But since it's the _security_ team, I'm gonna go with Patreon is
| in dire financial straits and this is the tip of the iceberg.
|
| sleepybrett wrote:
| how could they not be rolling in cash. their product is not
| that sophisticated and i assume they take a decent haircut from
| every subscription. Seems like a money printing machine to me.
|
| nebula8804 wrote:
| Furthermore, if Patreon goes then a lot of indie people are
| royally screwed. So many demonetized Youtubers or people at
| risk of being booted depend on Patreon.
|
| jimbob45 wrote:
| SubscribeStar does basically the same thing, right? I
| imagine everyone would just move right over, business as
| usual.
|
| paranoidrobot wrote:
| It's not that straightforward.
|
| For the Creator, even if you exclude the things that
| interact with Patreon to do the benefit-management bits,
| you have to also do any KYC/Identity verification bits,
| re-setup account transfers.
|
| Then you need to reach out to all your supporters and
| convince them to move over. They're going to lose some
| percentage of those people -- how much is going to depend
| on the creator and the fanbase. Some people are just
| going to ignore it, every single one of them though are
| going to re-evaluate that math in their head as to
| whether they really want to continue supporting that
| person.
|
| Patreon also has major brand-awareness. Someone telling
| you to move over to SubscribeStar, Liberapay, Buy Me a
| Coffee or whatever might get a "This seems like a scam"
| type reaction.
|
| throwaway5959 wrote:
| I'm not sure if demonetized YouTubers going down is the end
| of the world.
|
| Edit: found the alt-righters
|
| nebula8804 wrote:
| Normally you'd think it's just right wingers and yeah a
| lot of their garbage ends up demonetized but it's also
| people that are pro-Union, anti-establishment (right wing
| and left wing), people who are anti-empire/anti-war/
| anti-Israel/Pro-palestine (Abby Martin for example). Craziest
| example I heard of recently is people who post anti-Tesla
| videos are getting attacked and demonetized by their
| fanboys.
|
| egypturnash wrote:
| The queer lefty independent webcomics scene leans on
| Patreon a lot too, I'm one of them.
|
| tartoran wrote:
| If there's a need in the market someone will step in and
| fill the void.
| Probably it's for the best if they don't get
| greedy and keep it simple, shave a bit as a fee and that's
| all.
|
| nebula8804 wrote:
| Tell that to Parler and the aftermath of their disastrous
| data leak. There needs to be more respect for the effort
| that goes into making well built online services. Turns
| out it's much harder than a lot of people realize.
|
| shawn-butler wrote:
| OnlyFans is just waiting to be "legit"
|
| TillE wrote:
| I have faith in their ability to screw up a good thing for no
| reason.
|
| A couple years ago, they tried to change their whole payment
| system so each subscription was billed individually, racking
| up more fees for patrons. They kept defending it and
| _finally_ backed down at the last minute after a ton of their
| biggest creators yelled at them.
|
| simlevesque wrote:
| They serve videos. That can be easily more costly than the
| cut they get.
|
| bparsons wrote:
| Don't they use Vimeo?
|
| ZephyrBlu wrote:
| Patreon takes the lowest cut of any platform. Only something
| like 12% vs most others taking 20-30% or more.
|
| E: see this video https://youtu.be/bGvfYv5nzs0?t=138
|
| picardo wrote:
| > Seems like a money printing machine to me.
|
| Only if the creatives are making their money on _their
| platform_.
|
| Since Patreon's entire business model is based on taking a
| cut of the revenue artists make on their platform, they don't
| make money if the artists make money elsewhere. Many
| creatives use Patreon only for fan outreach, and sell
| merchandise outside of Patreon.
|
| If Patreon charged a fixed rate for their software, they
| could make more money, but they would lose the business of
| small creatives. That's the dilemma.
|
| dorkwood wrote:
| More people turning to things like Stable Diffusion instead
| of commissioning artists likely has an effect too.
|
| LegitShady wrote:
| Patreon has raised hundreds of millions
| (https://www.crunchbase.com/organization/patreon/company_fina...
| - according to this $414M in 10 rounds) in venture capital.
|
| Meanwhile in January they said they had taken in a total of
| $3.5 billion in creator lifetime funding. At let's say 8%
| average cut that means they've made a total of $280M in their
| whole history, although earlier accounts got grandfathered at
| the original 5% rate I think. We'll go with 8% to be
| generous. Even at 12% that means total lifetime income for
| patreon is $420M, around the same as their VC funding.
|
| Then they have to pay all the processing fees, their own
| development and operational staff, etc. Then they have to pay
| back their VC money.
|
| VC funding killed patreon.
|
| dagi3d wrote:
| you don't have to pay back your vc's you raised from (unless
| you raised debt). another story is that their investors
| might have forced them to cut costs and make everything
| needed to become profitable as soon as possible.
|
| 6stringmerc wrote:
| That guy from Pomplamoose taking Patreon to VCs is what
| killed it.
|
| sailfast wrote:
| Good point. I also can't help but notice their CEO
| monetizes almost entirely on YouTube with scary pockets and
| other videos.
|
| robocat wrote:
| > VC funding killed patreon.
|
| A company is worth its future cash flows. You are making
| an argument about the sunken costs which does have some
| relevance to individual funds.
|
| You don't get 10 rounds of investment without a convincing
| argument (or believable story) for future profitability at
| each round (even if some rounds turn out to be duds later).
|
| maerF0x0 wrote:
| > But since it's the security team, I'm gonna go with Patreon
| is in dire financial straits and this is the tip of the
| iceberg.
|
| a couple additional cases that can cause a security team to be
| laid off:
|
| 1. Outsourcing or Offshoring
|
| 2. evidence of significant corruption or incompetence within
| the team requiring a full reset
|
| midislack wrote:
| Didn't they also just steal the Flipper money?
|
| bagels wrote:
| Do you have any references for this? I've no idea who you're
| accusing (the employees or Patreon) or what Flipper money is.
|
| klyrs wrote:
| That's paypal
|
| https://news.ycombinator.com/item?id=32739950
|
| vouaobrasil wrote:
| Sounds rather scary but I would like to hear both sides of the
| story. I don't like guessing and passing judgment with basically
| a single sentence describing something that could have more to it
| than meets the eye.
___________________________________________________________________
(page generated 2022-09-08 23:00 UTC)