CafePress Details

CafePress

Louisville, Kentucky • employees • Retail

Industry

Retail

Security Incidents

CafePress, Inc. is an American online retailer of stock and user-customized on-demand products. The company was founded in San Mateo, California, but is now headquartered in Louisville, Kentucky along with its production facility.

Security Incidents

CafePress Breach of Feb 2019

Severity Score

Significant

Type

Data Breach

Summary

In February 2019, CafePress experienced a significant data breach that exposed the personal information of approximately 23 million users. The breach was carried out by an unknown threat actor who exploited vulnerabilities in CafePress's systems to gain unauthorized access to user data. Compromised information included names, email addresses, physical addresses, phone numbers, and encrypted passwords, with some passwords reportedly stored using weak encryption methods. The breach was not publicly disclosed until August 2019, leading to criticism over the delayed notification to affected users....
Show more

Severity

The CafePress cyber security incident of February 2019 was severe as it resulted in the theft of personal data from more than 20 million customer accounts, including names, addresses, phone numbers, and passwords encrypted with the outdated SHA-1 protocol. The breach exposed significant vulnerabilities in CafePress's security measures and highlighted the risks associated with using weak encryption methods.

Impact

The breach impacted over 20 million customer accounts, leading to the exposure of sensitive personal information such as names, addresses, phone numbers, and passwords. This breach not only compromised the privacy and security of CafePress customers but also raised concerns about the company's data protection practices and the importance of implementing robust security measures.