CafePress, the popular T-shirt and merchandise website, disclosed a data breach that exposed the personal details of 23 million of its customers.
The news was publicly reported by the data breach notification service Have I Been Pwned.
After becoming aware of a CafePress dump circulating in the underground, Hunt asked the security researcher Jim Scott to help him find it.
Eventually, the duo found the dump on a hacker forum; it contained details for roughly 493,000 accounts.
According to the Have I Been Pwned website, CafePress was compromised in February 2019 and hackers accessed the personal details of 23,205,290 users.
The exposed data includes email addresses, names, passwords, phone numbers, and physical addresses.
Security experts criticized the way the company managed the incident; some of them pointed out that it attempted to cover up the breach.
James Scott told BleepingComputer that half of the exposed passwords were stored as base64-encoded SHA1 hashes, which is considered a very weak way to protect passwords.
The records associated with the remaining users included third-party tokens for logins through Facebook and Amazon.
In response to the incident, CafePress forced users to reset their password without admitting the security breach.
Recently another company, StockX, the live marketplace for buying and selling limited edition sneakers, watches, handbags, and streetwear, forced a password reset before disclosing a data breach.
Of course, this isn’t the best way to manage a data breach. The first thing to do is to report the incident to the authorities and the impacted users.
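As an added illustration (not code from CafePress or from the original article) of why the base64 SHA1 format mentioned above is weak, the sketch below recognizes such legacy records and upgrades them to a salted, slow hash when the user next logs in successfully. The function names, the `pbkdf2$salt$hash` record layout and the iteration count are assumptions made for this example.

```python
from __future__ import annotations
import base64, hashlib, hmac, os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def legacy_hash(password: str) -> str:
    """base64(SHA1(password)): no salt and a single fast hash call."""
    return base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def is_legacy(stored: str) -> bool:
    """A base64-encoded SHA-1 digest is 28 characters that decode to 20 bytes."""
    try:
        return len(stored) == 28 and len(base64.b64decode(stored, validate=True)) == 20
    except ValueError:
        return False

def strong_hash(password: str, salt: bytes | None = None) -> str:
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2$" + base64.b64encode(salt).decode() + "$" + base64.b64encode(dk).decode()

def verify_and_upgrade(password: str, stored: str) -> tuple[bool, str]:
    """Return (login_ok, record_to_store). Legacy records are replaced on success."""
    if is_legacy(stored):
        ok = hmac.compare_digest(legacy_hash(password), stored)
        return ok, (strong_hash(password) if ok else stored)
    if stored.startswith("pbkdf2$"):
        _, salt_b64, _ = stored.split("$")
        expected = strong_hash(password, base64.b64decode(salt_b64))
        return hmac.compare_digest(expected, stored), stored
    return False, stored

if __name__ == "__main__":
    # Constructed sample data: two accounts that share one password.
    alice, bob = legacy_hash("hunter2"), legacy_hash("hunter2")
    print("legacy records identical:", alice == bob)   # unsalted, so they match
    ok, upgraded = verify_and_upgrade("hunter2", alice)
    print("login ok:", ok, "| upgraded record:", upgraded[:24] + "...")
    print("salted records identical:", strong_hash("hunter2") == strong_hash("hunter2"))
```

Because the legacy format has no salt, every account with the same password carries the same stored value, and each guess costs an attacker only one SHA-1 computation; the upgraded record removes both properties.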
(SecurityAffairs – CafePress, data breach)