CafePress Suffers Data Breach Impacting Over 22 Million Customers

CafePress, a well-known custom T-shirt and merchandise site, suffered a data breach that exposed the personal information of 23 million of its customers. Users became aware of the breach today, not through CafePress, but through notifications from Troy Hunt’s Have I Been Pwned service. The database contained a total of 23,205,290 CafePress customer records, including email addresses, names, phone numbers, and physical addresses. About half the records also had encrypted passwords attached, most of them, according to Forbes, hashed using an older form of encryption known as “base64 SHA1” that is easily broken in 2019.

Expert Comments

August 07, 2019
Martin Jartelius
CSO
Outpost24
The worst problem, in this case, is not the breach, but the affected users who have not been informed. Legislation, including for example the European GDPR, was created to handle this specific problem – it is there to decrease the risk of exposing users' private information, and most importantly it is there to ensure that if a company fails to protect users, they have the right to be informed and thereby take corrective actions. The bad habit of user password reuse means that while CafePress logins may be protected by the forced password reset, any re-use of passwords may lead to consequences for users. Sadly, withholding this information is a very bad practice.
