On August 6, 2019, a data breach notification service, Have I Been Pwned, reported that CafePress, the popular T-shirt and merchandise e-commerce platform, had been the victim of a security breach. The breach exposed the personal details of 23 million customers, with compromised information including names, physical addresses, email addresses, passwords, and phone numbers.
Even though the data breach happened months ago on February 20, users weren't notified by CafePress. Instead, CafePress simply sent an email enforcing a password reset request to all customers without including any details regarding the data breach.
Cybersecurity researcher Jim Scott discovered the incident and relayed his findings to Troy Hunt, an Infosec researcher who helped bring the incident to light. They identified that half of the exposed users' passwords were encoded in base64 SHA1, a very weak encryption method that's not recommended for encrypting sensitive data.
Want to stay one step ahead of the attackers? Download ManageEngine Log360, the tool that can help combat internal and external security attacks.
With Log360, ManageEngine's comprehensive log management and Active Directory auditing tool, you can:
You will receive weekly cybersecurity news soon!
2022 Zoho Corporation Pvt. Ltd. All rights reserved.