Leave a comment

Data breach: 23 million user records hacked and shared online

Data breach: 23 million user records hacked and shared online

Another e-commerce site has been breached. This time the company is not acknowledging that it has been hacked.

Experts who keep track of data breaches discovered the most recent hack. It has affected more than 23 million users.

Find out more about the hack, including what data was taken. We'll also show you the similarities the hack has to a recent data breach at another e-commerce site.

Customers asked to change passwords

T-shirt seller CafePress has asked its customers to reset their passwords as part of an updated "password policy." But the email request came after it was reported that the data of 23.2 million people had been exposed following a system hack in February.

Word of the data breach comes from the website Have I Been Pwned. CafePress' email to its customers did not mention the hack.

The exposed data includes unique email addresses with some records also containing names, physical addresses and phone numbers. The data was provided to Have I Been Pwned by security researcher Jim Scott.

CafePress has not returned Komando.com's request for comment.

There are reports that information from about 493,000 CafePress accounts are being sold on the dark web. It's not known if that information came from the February hack.

 

Related: Hacker breaches major bank, exposing data of over 100 million people

 

StockX forced to reveal hack

CafePress' reaction to the hack is similar to last week's data breach at fashion and sneaker e-commerce site StockX. The company raised alarm bells when it sent out an email to customers telling them to reset their passwords due to "systems updates."

StockX then said it had been alerted to suspicious activity. Within hours, it was reported that more than 6.8 million StockX records had been stolen by hackers in May. The data had already been purchased for $300 on the dark web.

As media pressure mounted, StockX finally admitted that it had been hacked. Two days after its initial email to customers, StockX issued a statement saying the site had been hacked and it had immediately launched an investigation.

The company said that although the investigation is ongoing, evidence suggests hackers had accessed customer names, email addresses, shipping addresses, usernames, hashed passwords and purchase histories. StockX added that there is no evidence so far that customers' financial data has been stolen.

The CafePress hack marks the third data breach of an e-commerce site in less than a week. Hackers stole full names, cities, email addresses, linked social media profiles and account passwords from the online marketplace Poshmark. The passwords were encrypted.

The seller of used clothing said no financial data was taken. The company did not reveal how many customers were affected, but it is advising all of its website's users to change their Poshmark passwords.

Komando.com will keep you updated on the CafePress hack as we receive more information.

You're not getting much from Equifax -- here's how to change your choice

The Federal Trade Commission (FTC) is continuing to encourage consumers affected by the Equifax data breach to choose free credit monitoring instead of cash. Millions of Americans submitted claims to get the $125 offered by Equifax as part of its $425 million settlement with the FTC. Despite the size of the settlement, a $31 million cap was put on the cash claims.

Click or tap here to read more about Equifax's credit monitoring option.

Next Story
View Comments ()
Bad news, Android users: Your phone can probably be hacked via Wi-Fi
Previous Happening Now

Bad news, Android users: Your phone can probably be hacked via Wi-Fi

Major Intel security flaw puts PCs at risk - exposing passwords, conversations and more
Next Happening Now

Major Intel security flaw puts PCs at risk - exposing passwords, conversations and more