https://www.theregister.co.uk/2019/09/23/cafepress_admits_breach_to_customers/
By John Oates
The Register
23 Sep 2019
T-shirt flogger CafePress has finally informed its customers about a
serious data loss dating back to February and first reported last month.
Several CafePress punters told us they had received an email this morning
warning them the company had lost customer names, emails, physical
addresses, phone numbers and unencrypted passwords. Some customers have
also had the last four numbers of payment cards and expiry dates nabbed by
hackers.
The email, addressed to "Dear Valued Customer", says that the incident
happened "on or about February 19". But fear not: "We have been diligently
investigating this incident with the assistance of outside experts."
The email claims that CafePress "recently discovered" the security hole.
But in early August, the company ran a mass-password reset following
reports that some 23 million user details were floating around on hacker
forums.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
