CyberNews Briefs

CafePress Slammed After Major Breach Affecting 23 Million

Infosec professionals are criticizing online retailer CafePress for failing to adequately inform users that the platform recently suffered a major breach that exposed the personal data of 23 million customers. The breach occurred in February of this year and according to breach notification site Have I Been Pwned “the exposed data included 23 million unique email addresses with some records also containing names, physical addresses, phone numbers and passwords stored as SHA-1 hashes.” SHA-1 is a weak algorithm for encrypting data.

CafePress has so far failed to publish a breach notification on its website or Twitter page. The firm is forcing users to change their password, but users are being told this is the result of changes to the platform’s password policy, while the data breach is not mentioned.

Read more: CafePress Slammed After Major Breach Affecting 23 Million

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.