CafePress
What Happened
In February 2019, the custom merchandise retailer CafePress suffered a data breach. The exposed data included 23 million unique email addresses with some records also containing names, physical addresses, phone numbers and passwords stored as SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Compromised Data
Recommended Actions
Change Your Password
If you haven't changed your password on this service since the breach, do so immediately.
Enable Two-Factor Authentication
If 2FA is supported, add an extra layer of security to your account.
Check Other Accounts
If you used the same password elsewhere, change those too.
Monitor for Suspicious Activity
Watch for unusual login attempts, spam and phishing emails.
Breach Overview
-
Affected Accounts:
23.2 million
-
Breach Occurred:
February 2019
-
Added to HIBP:
5 Aug 2019
Recommended Actions
Change Your Password
If you haven't changed your CafePress password since 2019, do so immediately.
Enable Two-Factor Authentication
Add an extra layer of security to your account.
Check Other Accounts
If you used the same password elsewhere, change those too.
Monitor for Suspicious Activity
Watch for unusual login attempts or messages from your account.
