Submitted via IRC for SoyCow7671
CafePress Data Breach Exposes Personal Info of 23 Million Users
CafePress, a well-known custom T-Shirt and merchandise site, suffered a data breach that exposed the personal information of 23 million of their customers.
Users became aware of the breach today, not through CafePress, but through notifications from Troy Hunt's Have I Been Pwned service.
After hearing about a CafePress data breach being circulated, Hunt solicited the help of security researcher Jim Scott who had helped him with other data breaches in the past, such as Evite.
"Security researcher Jim Scott is just fine. About 2 weeks ago I got notified by Troy that CafePress.com data breach was circulating and if I had seen it. At that time, the only public source of this data breach was from the data breach search engine WeLeakInfo and was not being sold as far as I know. With the help of my colleagues, I started to search for the database more thoroughly until I found it," Scott told BleepingComputer via email.
Research by BleepingComputer shows that a dehashed CafePress database of approximately 493,000 accounts was being sold on hacker forums. It is not known if this is related to the same breach.
According to HIBP, CafePress was hacked in February 2019 and exposed the personal information for 23,205,290 users. This exposed data includes Email addresses, Names, Passwords, Phone numbers, and Physical addresses.
(Score: 1) by fustakrakich on Friday August 09 2019, @03:42AM (1 child)
Find somebody's database that hasn't been breached/leaked/whatever.
Politics and criminals are the same thing.
(Score: 1, Funny) by Anonymous Coward on Friday August 09 2019, @09:30AM
Australian Tax Office
(Score: 4, Insightful) by black6host on Friday August 09 2019, @03:43AM (1 child)
Nowadays, if you do business online, or even if you don't, prepare to have your data compromised. The question now is: what can one do to ensure that *when* your data becomes known there are no consequences? (That's right: no consequences. We don't want to minimize damage, we want to prevent it.)
I'm not talking about password management, or other security practices in the standard sense, those fall under keeping your info safe. You can't. Assume it's going to be had. What can one do?
(Score: 2) by DavePolaschek on Friday August 09 2019, @11:23AM
I just double-checked. I have a CafePress account, but the password was unique, so no worries on that front. And the credit card they had is one I cancelled almost a year ago due to another data breach, so clear on that front, too.
Mostly, I think the answer is to not create accounts with new companies. I’ll check out as guest, or run things through a more centralized payment service (PayPal | ApplePay | whatever). Course the flip side is that without an account, I won’t be notified of breaches, but then CafePress didn’t notify me anyhow.
Oh, and their password reset functionality isn’t working at the moment, anyhow.
(Score: 4, Interesting) by darkfeline on Friday August 09 2019, @07:52AM (4 children)
We should add one of those signs to SN, Days Since Last Data Breach News.
Join the SDF Public Access UNIX System today!
(Score: 3, Funny) by Common Joe on Friday August 09 2019, @10:24AM (1 child)
I don't know whether to mod you +1 interesting, +1 tragic, or +1 too much on topic.
(Score: 3, Informative) by Gaaark on Friday August 09 2019, @02:15PM
Mod him +1 the sign maker is out fishing
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 3, Insightful) by Freeman on Friday August 09 2019, @02:54PM (1 child)
The problem is that, if we were truly being honest, it would look like it was broken. Constantly rolling back to 0.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 3, Funny) by DeathMonkey on Friday August 09 2019, @05:43PM
That does simplify implementation though!