Security Affairs

CafePress Data Breach exposes technical details of 23 Million users


CafePress, the popular T-shirt and merchandise website, suffered a data breach that exposed the personal details of 23 million of its customers.

The news was publicly reported by the data breach notification service Have I Been Pwned. 

After becoming aware of a CafePress dump circulating in the underground, Hunt asked the security researcher Jim Scott to help him find it.

Eventually, the pair found the dump on a hacker forum; it contained details for roughly 493,000 accounts.

According to the Have I Been Pwned website, CafePress was compromised in February 2019 and hackers accessed the personal details of 23,205,290 users.

The exposed data includes email addresses, names, passwords, phone numbers, and physical addresses.

Security experts criticized the way the company managed the incident, and some of them pointed out that it attempted to cover up the breach.

https://twitter.com/GossiTheDog/status/1158484244605353984

James Scott told BleepingComputer that half of the exposed passwords were stored as base64-encoded SHA1 hashes, which is considered a very weak algorithm for protecting passwords.

The records associated with the remaining users included third-party tokens for logins through Facebook and Amazon.
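Why the base64 SHA1 storage described above is weak, and one way to migrate away from it at login time, as an added example that is not code from the original article or from CafePress. It assumes the legacy hashes are unsalted; the function names, the `scrypt$salt$hash` record format and the scrypt parameters are choices made for this illustration.

```python
from __future__ import annotations
import base64, hashlib, hmac, os

# Assumed scrypt cost parameters for this example (tune for real hardware).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def legacy_hash(password: str) -> str:
    """Legacy format: base64 of a SHA1 digest (assumed unsalted).
    Fast and deterministic, so equal passwords give equal stored values."""
    return base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def looks_like_legacy(stored: str) -> bool:
    """A 20-byte SHA1 digest always base64-encodes to 28 characters."""
    try:
        return len(stored) == 28 and len(base64.b64decode(stored, validate=True)) == 20
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def strong_hash(password: str, salt: bytes | None = None) -> str:
    """Per-user random salt plus memory-hard scrypt, stored as 'scrypt$salt$hash'."""
    salt = salt or os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return "scrypt$" + base64.b64encode(salt).decode() + "$" + base64.b64encode(dk).decode()

def verify_and_upgrade(password: str, stored: str) -> tuple[bool, str]:
    """Check a login and return (ok, value_to_store).
    A legacy record is replaced by a scrypt record on the first successful login."""
    if stored.startswith("scrypt$"):
        _, salt_b64, _ = stored.split("$")
        expected = strong_hash(password, base64.b64decode(salt_b64))
        return hmac.compare_digest(expected, stored), stored
    if looks_like_legacy(stored):
        ok = hmac.compare_digest(legacy_hash(password), stored)
        return ok, (strong_hash(password) if ok else stored)
    return False, stored

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    old = legacy_hash(pw)
    print("legacy, two users, same password:", old == legacy_hash(pw))  # identical
    ok, new = verify_and_upgrade(pw, old)
    print("login ok:", ok, "| upgraded record:", new[:20] + "...")
    print("salted, same password:", strong_hash(pw) == strong_hash(pw))  # differ
```

Accounts that never log in again keep their legacy record, so a migration like this is normally paired with a forced reset for the remaining legacy hashes.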

In response to the incident, CafePress forced users to reset their passwords without admitting the security breach.

Recently another company, StockX, the live marketplace for buying and selling limited-edition sneakers, watches, handbags, and streetwear, forced a password reset before disclosing a data breach.

Of course, this isn’t the best way to manage a data breach; the first thing to do is to report the incident to the authorities and the impacted users.

Pierluigi Paganini

(SecurityAffairs – CafePress, data breach)
