CafePress Users Are Latest To Have Information Breached

And here we go again - this time CafePress

Hardly a week goes by that we don't see another major data breach making the headlines.

The latest company to fall victim to hackers is CafePress.

They are well-known on the internet for offering a platform where users can create their own customized coffee mugs, tee shirts and the like.

No FORMAL announcement? Thank you for the diligence of others...

The company didn't make a formal announcement about the breach, and users only became aware of it when they started getting notifications from Troy Hunt's "Have I Been Pwned" service. Once word started leaking out, Hunt joined forces with security researcher Jim Scott, who had worked with Hunt in the past tracking down other data breaches.

Working together, they discovered a de-hashed CafePress database containing nearly half a million accounts was being sold on black hat forums.  The researchers could not confirm, however, if these records were related to the most recent breach, or some previous one.

23 Million Users are exposed with info including Physical Locations

In any case, as they probed more deeply, they discovered that the company was actually hacked back in February of this year (2019) and that it was a significant breach. That breach exposed more than 23 million user records.  Based on their findings, the hack exposed email addresses, names, passwords, phone numbers, and physical locations.

To date, CafePress has not made a formal announcement about the matter, nor acknowledged the breach in any way, although if you are a CafePress user, you will be forced to reset your password the next time you log on.

A Password Reset just doesn't cut it.

While that's a good step, it's completely at odds with the company's clumsy handling of the issue.  Password resets do not constitute breach disclosures and notifications, and shouldn't be treated as such.  File this away as an example of how not to handle a breach if your company is hacked.

What if your information was involved in a hack and you were not told about it? Contact us today to find out ways to protect yourself.

Used with permission from Article Aggregator