Back to Data breach

Data breach

CafePress data breach exposes personal data of 23 million customers.

On August 6, 2019, a data breach notification service, Have I Been Pwned, reported that CafePress, the popular T-shirt and merchandise e-commerce platform, had been the victim of a security breach. The breach exposed the personal details of 23 million customers, with compromised information including names, physical addresses, email addresses, passwords, and phone numbers.

The incident

Even though the data breach happened months ago on February 20, users weren't notified by CafePress. Instead, CafePress simply sent an email enforcing a password reset request to all customers without including any details regarding the data breach.

CafePress data breach exposes personal data of 23 million customers

Cybersecurity researcher Jim Scott discovered the incident and relayed his findings to Troy Hunt, an Infosec researcher who helped bring the incident to light. They identified that half of the exposed users' passwords were encoded in base64 SHA1, a very weak encryption method that's not recommended for encrypting sensitive data.

Want to stay one step ahead of the attackers? Download ManageEngine Log360, the tool that can help combat internal and external security attacks.

How ManageEngine can help

With Log360, ManageEngine's comprehensive log management and Active Directory auditing tool, you can:

  • Utilize more than 1,000 predefined alert profiles to identify known attacks.
  • Create new alert profiles based on attack patterns.
  • Identify brute force attacks using reports on failed logons to user accounts.
  • Monitor logs from vulnerability scanners such as Nessus, Qualys, OpenVas, and NMap.

Start your free, 30-day trial of Log360.

Share:

Latest DoS and DDoS attacks

Latest Brute force attack

Latest Crypto ransomware

Latest Advanced persistent threat (APT)

Compliance violation

Stay In The Know

Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.

Please enter a business email id
 

By clicking 'I’m interested', you agree to processing of personal data according to the Privacy Policy

+

Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
  •  
  •  
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.