• Latest
  • Trending
CafePress fined $500,000 for breach affecting 23 million users

CafePress fined $500,000 for breach affecting 23 million users

June 27, 2022
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Wednesday, 29 March, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

CafePress fined $500,000 for breach affecting 23 million users

by ITECHNEWS
June 27, 2022
in Infosec, Leading Stories
0 0
0
CafePress fined $500,000 for breach affecting 23 million users

The U.S. Federal Trade Commission (FTC) has ordered Residual Pumpkin Entity, the former owner of the CafePress t-shirt and merchandise site, to pay a $500,000 fine for covering up a data breach impacting more than 23 million customers and failing to protect their data.

As the consumer protection watchdog explained in a complaint from March 2022, Residual Pumpkin Entity stored its customers’ Social Security numbers and password reset answers in plain text and longer than necessary.

YOU MAY ALSO LIKE

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Data Leak Hits Thousands of NHS Workers

The company also failed to apply available protections and respond to security incidents. After its servers were breached multiple times, it tried to cover up the major data breach resulting from its sloppy security practices.

According to the finalized order, on top of paying a $500,000 fine, Residual Pumpkin and PlanetArt (CAfePress’ new owner) have to implement multi-factor authentication, minimize the amount of collected and retained data, and encrypt all stored Social Security numbers.

PlanetArt was also ordered to alert buyers and sellers whose personal info was accessed or stolen during the security breaches and provide them with information on how they can protect themselves.

February 2019 data breach

After a February 2019 breach of CafePress’ servers, unknown attackers gained access to, exfiltrated, and later put up for sale on the dark web personal information belonging to 23,205,290 CafePress users, including:

  • millions of email addresses and passwords with weak encryption;
  • millions of unencrypted names, physical addresses, and security questions and answers;
  • more than 180,000 unencrypted Social Security numbers;
  • and tens of thousands of partial payment card numbers and expiration dates.

CafePress allegedly tried to cover up this massive data breach and didn’t notify any affected individuals until September 2019, one month after BleepingComputer reported the breach. However, some users were made aware of the incident after receiving notifications from Troy Hunt’s Have I Been Pwned service.

At the time, CafePress did not reply when BleepingComputer reached out for more information and did not issue a statement regarding the breach.

The only sign that something was wrong was that its users were forced to reset their password when logging in (with no mention of the data breach).

Failures to investigate attacks and report breaches

CafePress knew that it had data security problems even before the 2019 breach since, according to FTC’s complaint, the company found out that some of its shopkeepers’ accounts had been compromised since at least January 2018.

Instead of informing them of the incidents, CafePress closed their accounts and charged each of them a $25 account closure fee.

Several malware infections also impacted the company’s network before the 2019 security breach, and CafePress, once again, failed to investigate the attacks.

When it announced the complaint in March, the FTC claimed that CafePress “misled users by using consumer email addresses for marketing despite its promises that such information would only be used to fulfill orders consumers had placed.”

Source: Sergiu Gatlan
Via: bleepingcomputer
Tags: CafePress fined for breach affecting 23 million users
ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023

Recent News

  • Co-Creation Hub’s edtech accelerator puts $15M towards African startups February 20, 2023
  • Data Leak Hits Thousands of NHS Workers February 20, 2023
  • EU Cybersecurity Agency Warns Against Chinese APTs February 20, 2023
  • How Your Storage System Will Still Be Viable in 5 Years’ Time? February 20, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version