CafePress hacked

[kimmer]

Apparently this happened back on February 20, was reported in the news (I totally missed it) in Aug 2019.

https://www.forbes.com/sites/daveywinder/2019/08/05/cafepress-hacked-23m-accounts-compromised-is-yours-one-of-them/#6cd400ef407e

Two days ago I received an alert from my credit watching company that my info from CafePress had been compromised and was on the dark web. According to HIBP, the information includes: Email addresses, Names, Passwords, Phone numbers, Physical addresses. 

I just popped in to CafePress to change password and check account and received a notice that my account doesn't exist. I'm not sure what to think. I guess tomorrow, after I deal with other things, I'll try contacting CafePress. Not real hopeful.

[Xairbusdriver]

At worst, that name/password combo will be used anywhere else you used it.
At best, you've only lost all your data/posts/etc.
       OR
CafePress has temporarily shutdown the servers with your credentials.

[kimmer]

At worst, that name/password combo will be used anywhere else you used it.

I don't reuse passwords. User names sometimes, but not passwords.

At best, you've only lost all your data/posts/etc.
       OR
CafePress has temporarily shutdown the servers with your credentials.

Data would be all the things I've purchased over the years. No biggy. Shutdown the server? Possible, but not likely as they keep demanding that I change my password due to the hacking.

My info is out, I can't reel it back in, but I want to verify that they didn't have any credit card info. Right now I'm dealing with a gov't agency that demands I contact them today or else, but the civil servant I need to talk with is on vacation.    I'll deal with CafePress later.

[Xairbusdriver]

Any place that uses your credit card should already need a password, in my opinion. Of course, if they are not encrypting that data and the server, it won’t be protected.

They likely (hopefully) use multiple servers and many of them may be “off-line” while they sort things out.

Good luck with bureaucrats!

[Paddy]

I got an email from Cafe Press the other day - the relevant bit:

The information may have included your name, email address, the password to your CafePress account, and other information (physical address, phone number, and in a small number of cases, only the last four digits of your credit number and credit card expiration date).

Like you, Kimmer, when I attempted to log in at Cafe Press, I got the "account doesn't exist" - but when I tried again now, using the "forgot password" option, sure enough, there was an account. I have now changed the PW (which oddly, was one I hadn't stored in 1Password anyway and I would have had to do the "forgot PW" thing if I'd wanted to order from them again. I don't reuse passwords, so that's not much of a concern. My CC expiration and PIN code have changed since I last ordered, and if all they have is the last 4 digits of my CC they won't get far anyway. My name, address and landline are in the phone book, so it's not as if those are of much use. The Gmail address used gets some spam - and Gmail does a great job of filtering it out, so...methinks I've done as much as I can at this point.

It IS annoying that this keeps happening. 

Evite is another one that I use that got hacked recently - though the email address that shows up in HIBP is NOT either of the ones I used for accounts there (I have two - one is for an organization, the other personal), but an email address that was in HIBP was in one of the contact/invitee lists. So all they got with that one was the name and the email address. Again...no biggie, but all the Evite PWs have been changed anyway.

[beacher]

I got the email also. I didn’t click the link provided, bu went to the site through StasrtPage, tried “forgot password” with both emails, and got a Leo such account exits”, so I guess I'm safe. I do keep a close watch on my credit card account, checking in a couple of times a week, ever since the 3 major “credit companies” got hacked 3 or 4 years ago, so I'm not too worried about this.

[kimmer]

No luck on finding my account. Strange that it hit the dark web, but doesn't exist -- but I'm not going to worry about it. I searched both my gmail account, and my "receipts" folder on my iMac and the last time I used this account was 2013! I paid through paypal, so they wouldn't have any credit card info on me. In reading what was purchased, I realized that the items ordered were at Sneakers request. Yeah, I'm a big cafepress shopper.  

It IS annoying that this keeps happening. 

This is the biggest issue, and it's not just CafePress. I'm not sure there is any merchant/bank/credit card site that is safe. I'm not sure ANY site is safe from hackers. So if you use the Internet, you're vulnerable and you do the best you can and hope for the best. Actually, if you have a bank account or a credit card, you're vulnerable -- even if you never trip the 'net fantastic.

And on that happy note--HAHA--I'm outta here.