Hacker Leaks Data Of Millions Of Teespring Users: Expert Commentary

A hacker has leaked the details of millions of users registered on Teespring, a web portal that lets users create and sell custom-printed apparel.

The user data was leaked last Sunday on a public forum dedicated to cybercrime and the sale of stolen databases.

  • The Teespring data was made available as a 7zip archive that includes two SQL files. The first file contains a list of more than 8.2 million Teespring users’ email addresses 
  • The second file includes account details for more than 4.6 million users
  • Details included in this second SQL file a hashed version of the email address, usernames, real names, phone numbers, home addresses, and Facebook and OpenID identifiers users used to log into their accounts.

The company said the incident took place in June 2020 when a hacker managed to steal user data from its cloud infrastructure.

Subscribe
Notify of
guest
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Sam Humphries
Sam Humphries , Security Strategist
InfoSec Expert
January 25, 2021 10:50 am

<p dir=\"ltr\">The cloud is simply someone else’s data centre – and the same security risks apply to both. The most security-conscious companies will take steps to ensure the right data controls exist and build-in improved visibility via cloud connectors. These connectors can provide visibility into logs and user activities in cloud applications. They also help improve incident response when problems do occur by reducing security blind spots and allowing basic chain of events to be constructed in a timely manner – as opposed to begging your provider for logs and attempting to make sense of them after the fact.</p> <p dir=\"ltr\"> </p> <p dir=\"ltr\">Any cloud user, from consumer to enterprise, must understand the threat of stolen cloud credentials. Businesses must go beyond a username and password for authentication – even two factor isn’t enough in many cases. Instead consider adaptive authentication which uses environmental context to sign someone into a system, such as known locations, devices, and behaviors. All accounts should be tied back to a single managed identity, not multiple accounts for a single person.</p>

Last edited 1 year ago by Sam Humphries
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x