Author Topic: CafePress security incident 2019-02-19  (Read 4487 times)

Ath

CafePress security incident 2019-02-19
« on: September 25, 2019, 01:43 PM »
Today, September 25th, 2019, I received an e-mail from CafePress, the supplier of, among other stuff, the NANY mugs, stating they have had a security incident on February 19th, 2019, where customer names, addresses, e-mail addresses and account passwords have been stolen from a database. It appears they first published this story on September 5th, 2019.
I took a screenshot from their website where the whole story is explained, as far as they know.

CafePress security incident 05-09-2019.png


mouser

Re: CafePress security incident 2019-02-19
« Reply #1 on: September 25, 2019, 02:22 PM »
 >:(

Deozaan

Re: CafePress security incident 2019-02-19
« Reply #2 on: September 25, 2019, 03:10 PM »
I tried to log in to change my password and they say I don't have an account. I suppose that would be why I didn't get an email notification about this.

Now I'm wondering if my account was deleted due to inactivity or if I manually requested it to be deleted long enough ago that I forgot I had done that. :-\

anandcoral

Re: CafePress security incident 2019-02-19
« Reply #3 on: September 26, 2019, 04:22 AM »
As far as I have read, hackers are always trying to break into one and all servers, sadly.

So we just have to be cautious and use different passwords for all websites; and, most important, only give information which is needed for using the website.

Other than that we do not have any hope or control over this big internet world.

Regards,

Anand

Stoic Joker

Re: CafePress security incident 2019-02-19
« Reply #4 on: September 26, 2019, 07:16 AM »
Shit, LatestHackingNews.com had an article about this back in August - but I didn't make the connection back then.

Sorry Mouser.

mouser

Re: CafePress security incident 2019-02-19
« Reply #5 on: September 26, 2019, 10:52 PM »
Eh, these things happen.  I'm not stressed over it, just normal level irritation with such things :)

mouser

Re: CafePress security incident 2019-02-19
« Reply #6 on: October 02, 2019, 05:49 AM »
I think the most important things to take away from these occasional security incidents are:
1. Remember to use a different password on every website
2. Keep separate the email address you use for important personal conversation and the email address you use to sign up to random unimportant websites.
3. Have an alert set on your credit cards so you get a notification after EVERY purchase.  I think this is an item many people don't bother to set up, but I find it invaluable.

wraith808

Re: CafePress security incident 2019-02-19
« Reply #7 on: October 02, 2019, 09:29 AM »
Quote from: mouser
> 2. Keep separate the email address you use for important personal conversation and the email address you use to sign up to random unimportant websites.

A call out again for a feature in Gmail that I make extensive use of: +addressing, i.e. email+<meaningfulsuffix>@gmail.com. I use those for signups everywhere, and I've been able to blacklist a few sites from my interest/attention by the e-mail addresses in spam.

Deozaan

Re: CafePress security incident 2019-02-19
« Reply #8 on: October 02, 2019, 12:16 PM »
Quote from: mouser
> I think the most important things to take away from these occasional security incidents are:
> 1. Remember to use a different password on every website
> 2. Keep separate the email address you use for important personal conversation and the email address you use to sign up to random unimportant websites.
> 3. Have an alert set on your credit cards so you get a notification after EVERY purchase.  I think this is an item many people don't bother to set up, but I find it invaluable.

4.a. Whenever possible, refuse to give any personal information to any company -- too many have proven they will not be good stewards of the information you've given them.
4.b. If a company/site/service requires you to give them information, falsify as much of it as you (legally) can while still using their service. Obviously Amazon needs my postal address to ship stuff to me, but there's no reason why an instant messaging app needs to know e.g. my phone number or postal address.

Edvard

Re: CafePress security incident 2019-02-19
« Reply #9 on: October 20, 2019, 05:21 PM »
5.  Your password is only as secure as the computer it's sitting on.  "Password123" is functionally the same as a 256-bit SHA1 hash of Calvin Coolidge's autobiography; Chapter 7, if the service in question stores it in a plain text file. (Yes, this does happen)  :-\