Hacker Leaks Data Of Millions Of Teespring Users: Expert Commentary

A hacker has leaked the details of millions of users registered on Teespring, a web portal that lets users create and sell custom-printed apparel.

The user data was leaked last Sunday on a public forum dedicated to cybercrime and the sale of stolen databases.

  • The Teespring data was made available as a 7zip archive that includes two SQL files. The first file contains a list of more than 8.2 million Teespring users’ email addresses 
  • The second file includes account details for more than 4.6 million users
  • Details included in this second SQL file a hashed version of the email address, usernames, real names, phone numbers, home addresses, and Facebook and OpenID identifiers users used to log into their accounts.

The company said the incident took place in June 2020 when a hacker managed to steal user data from its cloud infrastructure.

Experts Comments

January 25, 2021
Sam Humphries
Security Strategist
Exabeam

The cloud is simply someone else’s data centre – and the same security risks apply to both. The most security-conscious companies will take steps to ensure the right data controls exist and build-in improved visibility via cloud connectors. These connectors can provide visibility into logs and user activities in cloud applications. They also help improve incident response when problems do occur by reducing security blind spots and allowing basic chain of events to be constructed in a timely

.....Read More

The cloud is simply someone else’s data centre – and the same security risks apply to both. The most security-conscious companies will take steps to ensure the right data controls exist and build-in improved visibility via cloud connectors. These connectors can provide visibility into logs and user activities in cloud applications. They also help improve incident response when problems do occur by reducing security blind spots and allowing basic chain of events to be constructed in a timely manner – as opposed to begging your provider for logs and attempting to make sense of them after the fact.

 

Any cloud user, from consumer to enterprise, must understand the threat of stolen cloud credentials. Businesses must go beyond a username and password for authentication - even two factor isn’t enough in many cases. Instead consider adaptive authentication which uses environmental context to sign someone into a system, such as known locations, devices, and behaviors. All accounts should be tied back to a single managed identity, not multiple accounts for a single person.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.