A data breach at CafePress has left the information of more than 23 million people in the hands of evildoers. The popular merchandise website endured a data breach recently reported by the data breach public awareness service dubbed “Have I Been Pwned”. Below, our IT consulting team on Long Island takes a closer look at the hack.
About the CafePress Hack
News of the CafePress infiltration quickly spread throughout online hacking forums. The “data dump” contained detailed information for nearly half a million CafePress accounts. Have I Been Pwned reports CafePress was digitally violated in February of 2019. All in all, the personal information of 3,205,290 CafePress users was improperly accessed. The data in question range from customers’ physical addresses to their phone numbers, passwords, email addresses and even full names.
CafePress’s Response to the Hack
Digital security gurus have been quite critical of the manner in which CafePress higher-ups handled the data breach. Some digital security gurus even go as far as insinuating the company attempted to cover up the data breach. CafePress relied on base64 SHA1 to encode approximately half of the passwords. This is problematic as base64 SHA1 is regularly critiqued as a comparably weak algorithm to safeguard sensitive data. The scope of the hack even extended to records including third-party tokens for Amazon and Facebook logins.
Our IT consulting team on Long Island is here to help prevent such a nightmare from occurring at your business. Let us review your digital safeguards today to determine if you are properly prepared for digital attacks.
CafePress Forces Users to Reset Passwords
Sadly, CafePress leaders forced customers to reset passwords without letting them know a breach occurred. The proper way to handle a data breach is to report the breach to the proper authorities and notify the affected users without delay. The response from CafePress is especially concerning as company executives attempted to play off the password reset as a new password policy. In reality, more than 23 million user accounts had been exposed to hackers. This is the type of disaster our managed services team on Long Island could have prevented. One has to wonder if CafePress will make a concerted effort to heighten its digital security safeguards. When the movement for clearer disclosures following data breaches reaches a tipping point, those at the forefront will likely credit the CafePress hack as the impetus for change.
At Total Technology Solutions, our IT consulting team on Long Island can help prevent a data breach at your company. Reach out to us for more information about our digital security solutions.