The Thingiverse website has suffered a data breach which resulted in the email addresses of nearly 228,000 users surfacing on black-hat crime websites. 

Have I Been Pwned (HIBP), whose administrator Troy Hunt was informed off to the breach's dissemination on the forums, published the 228,000 hacked email addresses to the site, which led to the news coming to notice. 

The 36 GB data cache, which was first disclosed in October 2020, is reported to contain unique email addresses as well as other information that might be used to identify people. Whereas these details have been floating around the internet for over a year, data breach notification service provider 'Have I Been Pwned' has now discovered proof that they are "extensively circulating within the hacking community." 

On Twitter, Hunt said that the leak had exposed more than two million email addresses. He clarified that the bulk of the email addresses were webdev+$username@makerbot[.]com, which looked to be generated by Thingiverse itself based on their structure. 

Thingiverse that hosts free-to-use 3D printer designs is managed by Makerbot, a 3D printing company that was previously featured on these web pages in 2015 when it announced layoffs despite failing to fulfill "ambitious goals" 

Hunt stated on Twitter that Makerbot was unresponsive to his private overtures, prompting him to go public in the hopes of persuading someone that the source of the hack should be closed down. 

"We became aware of and have addressed an internal human error that led to the exposure of some non-sensitive user data for a handful of Thingiverse users. We have not identified any suspicious attempts to access Thingiverse accounts, and we encouraged the relevant Thingiverse members to update their passwords as a precautionary measure. We apologize for this incident and regret any inconvenience it has caused users. We are committed to protecting our valued stakeholders and assets, through transparency and rigorous security management," Thingiverse told The Register.