CafePress Data Breach: Can We Stop It? CafePress, a custom shop-and-goods firm, bought by Snapfish in November 2018 for over $25 million, was hacked. The infringement that affected over 23 million accounts had records in many studies.
CafePress breach
Very little truth is told at this point. As most people wake up to an e-mail from the HIBP. While discovered through a little searching that a related agency named ‘We Leak Details on 13 July’ caused the CafePress infringement to its database. This latter discovery seems to have largely come under the radar. Besides, with only a posting on Twitter and a brief mention of the ‘pawned’ subordinate party that lived after HIBP emails went out.
How did It happen?
The infringement took effect on 20 February and compromise a total of 23,205,290 accounts according to the HIBP notice. Troy Hunt got data from a [email protected] source from the source assigned.
The HIBP note reports it included 23 million unique email addresses in the data exposed; some infected documents also contain names, addresses, and telephone numbers. Since then, however, Jim Scott has been in contact again with me to add that the passwords are still among the data affected. Jim Scott, who presented the breach data.
“Troy neglected to supply passwords. Besides, this event, they suffered much,” says Scotts. Continuing “of the 23 million vulnerable people, about half of whom revealed their passwords. These are in base64, which is a very poor encryption mechanism. When one can use a safer code particularly in 2019 when better alternatives are possible?”
Why did it take so long to find out?
“It can sometimes take months or years for credentials to be out. Then exposed in a data breach to appear on the dark web. Breaches get added to our database as soon as they discover and verify.”
The fact that there is still no public disclosure of the event by CafePress as a great majority of violations of data are often undetected” Jim Scott says it is not so shocking.
“I hope that more people will be aware of their vulnerability of credentials and take steps to protect their information with the help of trojan,” Scott concludes “through adding this data to HaveIBeenPwered.”
How do I know I’m not a victim?
Fortunately, it’s much easier. Browse through the HIBP website and enter your e-mail addresses. Further, the database will immediately return information. About any violations in your records, like CafePress.
How can we prevent breaches?
“I just don’t even know if it’s even possible to safeguard data online anymore,” says Ian Thornton-Trump. A Cybersecurity Director of Amtrusted International. “I think we need strong data retention and data expiration. So consumers can decide how long their data will hold and what data fields to retain.”
During this talk, Thornton-Trump confesses that the market research and data science analytical industries would of course be unhappy as these services focus on large data sets analysis. “So it appears that there is no end in sight and all organizations can do is regularly test their defenses and make incremental improvements to security as well as upgrading applications and their libraries to the latest secure versions,” says Thornton-Trump.