CafePress Data Breach Exposes Personal Info of 23 Million Users

"upstart" writes:

Submitted via IRC for SoyCow7671

CafePress Data Breach Exposes Personal Info of 23 Million Users

CafePress, a well-known custom T-Shirt and merchandise site, suffered a data breach that exposed the personal information of 23 million of their customers.

Users became aware of the breach today, not through CafePress, but through notifications from Troy Hunt's Have I Been Pwned service.

After hearing about a CafePress data breach being circulated, Hunt solicited the help of security researcher Jim Scott who had helped him with other data breaches in the past, such as Evite.

"Security researcher Jim Scott is just fine. About 2 weeks ago I got notified by Troy that CafePress.com data breach was circulating and if I had seen it. At that time, the only public source of this data breach was from the data breach search engine WeLeakInfo and was not being sold as far as I know. With the help of my colleagues, I started to search for the database more thoroughly until I found it," Scott told BleepingComputer via email.

Research by BleepingComputer shows that a dehashed CafePress database of approximately 493,000 accounts was being sold on hacker forums. It is not known if this is related to the same breach.

According to HIBP, CafePress was hacked in February 2019 and exposed the personal information for 23,205,290 users. This exposed data includes Email addresses, Names, Passwords, Phone numbers, and Physical addresses.

Original Submission

Read more of this story at SoylentNews.