CafePress Suffers Data Breach Impacting Over 22 Million Customers

By ISBuzz Team
Writer, Information Security Buzz | Aug 07, 2019 02:21 am PST

CafePress, a well-known custom T-shirt and merchandise site, suffered a data breach that exposed the personal information of 23 million of its customers. Users became aware of the breach today, not through CafePress, but through notifications from Troy Hunt’s Have I Been Pwned service. The database contained a total of 23,205,290 CafePress customer records, including email addresses, names, phone numbers, and physical addresses. About half the records also had encrypted passwords attached, with most of them hashed using an older form of encryption, known as “base64 SHA1” according to Forbes, that’s easily broken in 2019.

1 Expert Comment
Martin Jartelius
August 7, 2019 10:32 am

The worst problem, in this case, is not the breach, but the affected users who have not been informed. Legislation, including for example the European GDPR, was created to handle this specific problem – it is there to decrease the risk of exposing users’ private information, and most importantly it is there to ensure that if a company fails to protect users, they have the right to be informed and thereby take corrective actions. The bad habit of user password reuse means that while CafePress logins may be protected by the forced password reset, any re-use of passwords may lead to consequences for users. Sadly, withholding this information is a very bad practice.
