Skip to Content
Security & privacy

Data breach: 23 million user records hacked and shared online

Another e-commerce site has been breached. This time the company is not acknowledging that it has been hacked.

Experts who keep track of data breaches discovered the most recent hack. It has affected more than 23 million users.

Find out more about the hack, including what data was taken. We’ll also show you the similarities the hack has to a recent data breach at another e-commerce site.

Customers asked to change passwords

T-shirt seller CafePress has asked its customers to reset their passwords as part of an updated “password policy.” But the email request came after it was reported that the data of 23.2 million people had been exposed following a system hack in February.

Word of the data breach comes from the website Have I Been Pwned. CafePress’ email to its customers did not mention the hack.

The exposed data includes unique email addresses with some records also containing names, physical addresses and phone numbers. The data was provided to Have I Been Pwned by security researcher Jim Scott.

CafePress has not returned’s request for comment.

There are reports that information from about 493,000 CafePress accounts are being sold on the dark web. It’s not known if that information came from the February hack.


Related: Hacker breaches major bank, exposing data of over 100 million people


StockX forced to reveal hack

CafePress’ reaction to the hack is similar to last week’s data breach at fashion and sneaker e-commerce site StockX. The company raised alarm bells when it sent out an email to customers telling them to reset their passwords due to “systems updates.”

StockX then said it had been alerted to suspicious activity. Within hours, it was reported that more than 6.8 million StockX records had been stolen by hackers in May. The data had already been purchased for $300 on the dark web.

As media pressure mounted, StockX finally admitted that it had been hacked. Two days after its initial email to customers, StockX issued a statement saying the site had been hacked and it had immediately launched an investigation.

The company said that although the investigation is ongoing, evidence suggests hackers had accessed customer names, email addresses, shipping addresses, usernames, hashed passwords and purchase histories. StockX added that there is no evidence so far that customers’ financial data has been stolen.

The CafePress hack marks the third data breach of an e-commerce site in less than a week. Hackers stole full names, cities, email addresses, linked social media profiles and account passwords from the online marketplace Poshmark. The passwords were encrypted.

The seller of used clothing said no financial data was taken. The company did not reveal how many customers were affected, but it is advising all of its website’s users to change their Poshmark passwords. will keep you updated on the CafePress hack as we receive more information.

cryptocurrency e-book hero

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out