CafePress is the custom T-shirt and merchandise company that was later purchased by Snapfish for more than $25 million in November 2018. According to various reports, a hacking attempt was carried out against the company, and the resulting data breach, which happened on February 20, compromised more than 23 million accounts. Most of the people got an email from the Have I Been Pwned (HIBP) breach database service.
This is the first time people have been informed about the attack. Another report revealed that a similar organization by the name of We Leak Info added the CafePress breach to its database on July 13. As per the HIBP notification, the breach itself took place on Feb 20 and compromised a total of 23,205,290 accounts. The data was provided to Troy Hunt at HIBP from a source attributed as JimScott.Sec@protonmail.com.
The HIBP notification explained that the exposed data included 23 million unique email addresses; some of the compromised records also included names, physical addresses, and phone numbers. Since then, Jim Scott, the cybersecurity researcher who supplied the breach data, has been in touch to add that passwords were also among the compromised data.
The reports further revealed that almost half of the 23 million compromised users had their passwords exposed as base64-encoded SHA1, which is a very weak method for protecting passwords, especially in 2019 when better alternatives are available. The remaining users, who used CafePress through a third-party application such as Facebook or Amazon, did not have their passwords compromised.
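To make the weakness concrete, here is an added example (not CafePress code) that contrasts a base64-encoded SHA-1 digest with a salted, deliberately slow PBKDF2 record and shows how a legacy record can be upgraded at the next successful login. It assumes the legacy digest is unsalted; PBKDF2 is one choice of better alternative, and the function names and iteration count are hypothetical.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def legacy_digest(password: str) -> str:
    """Base64 of a SHA-1 digest (assumed unsalted, UTF-8 input)."""
    raw = hashlib.sha1(password.encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256 record: scheme$iterations$salt$key."""
    salt = os.urandom(16)  # unique per account, so equal passwords differ
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    enc = lambda b: base64.b64encode(b).decode("ascii")
    return f"pbkdf2_sha256${ITERATIONS}${enc(salt)}${enc(key)}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the key with the stored salt and compare in constant time."""
    scheme, iterations, salt, key = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), base64.b64decode(salt), int(iterations)
    )
    return hmac.compare_digest(candidate, base64.b64decode(key))


def upgrade_on_login(password: str, legacy_record: str):
    """Return a new salted record if the password matches the legacy one."""
    if hmac.compare_digest(legacy_digest(password), legacy_record):
        return hash_password(password)
    return None


if __name__ == "__main__":
    # Constructed sample password, not data from the breach.
    print(legacy_digest("password") == legacy_digest("password"))  # identical digests
    a, b = hash_password("password"), hash_password("password")
    print(a != b, verify_password("password", a))  # records differ, both verify
```

Because the legacy digest is fast and identical for every account sharing a password, one precomputed guess applies to all of them, while the salted record forces separate, slow work per account.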
The CafePress breach has come to light only after a long time because, according to the Mozilla Monitor service, "It can sometimes take months or years for credentials exposed in a data breach to appear on the dark web. Breaches get added to our database as soon as they have been discovered and verified." It is surprising that there is still no disclosure from CafePress about the incident. The majority of data breaches often go undetected.
Now that the news is out, we hope that more people become aware of their compromised credentials and take the necessary steps to safeguard their information. You can find out whether your email address was included in the breach. Just browse over to the HIBP website and enter any email addresses you want to check. The database will quickly return information on any breaches that your details were found in, including the CafePress one.
Nowadays, hacking has become insanely common. Users who want to keep safe from it should know how to use reasonable security practices, such as educating themselves about multi-factor authentication, using password managers to generate a password per site, and even having a different email per site. Also, we have reached out to CafePress to request a statement regarding this data breach but had not heard back at the time of publication.