Millions Of Teespring Users Had Private Information Breached

February 1, 2021

Written by wukovits

millions of teespring users had private information breachedTeespring is a popular destination on the web that allows users to create and sell custom-printed apparel, including, as the name implies, custom-designed tee-shirts.

If you use the site, you should know that recently, an as yet unknown third party successfully breached the site and made off with a couple of the company’s databases.

These have been made available on the web, exposing some user information belonging to more than 8 million of the company’s users.

The two SQL files were compressed as a 7Zip archive, with the first containing user email addresses and the dates that the email addresses were last updated. The second SQL file contains the account details of more than four and a half million users, and includes OpenID and Facebook account information (if those were used in the creation of the Teespring account), the user’s home address, name, and phone numbers. That is all in addition to other, mostly non-sensitive details contained in the users’ profiles.

If there’s a silver lining to be found regarding the incident, it lies in the fact that no password data appears to have been present in either file, which dramatically reduces the risks associated with the stolen data. Nonetheless, there’s enough there that it would certainly be possible for hackers to mesh it with information from other sources to steal someone’s identity. It should be noted, however, that it is possible that additional databases could have been stolen, and these could easily have contained passwords that the hackers simply opted not to publish.

In any case, the company made a formal disclosure about the incident, revealing that their investigation to this point indicates that the incident occurred in June, 2020.

The company’s statement reads, in part, as follows:

“Teespring had previously evaluated a 3rd party service called Waydev which required access to some of our data. This access was implemented via a technology called OAuth.Unfortunately, Waydev retained the OAuth token for Teespring (and several other companies) which was accessed from Waydev without authorization by a third party. The token was then used to gain access to some of the Teespring infrastructure.”

If you’re a Teespring user, be aware that some of your data may have been compromised, and be on the alert for suspicious emails hitting your inbox.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Key Considerations for Effective Cybersecurity Implementation

Consider this: In the realm of cybersecurity, things often get tangled in the web of "you should do it anyway" arguments. Yet, for busy business owners bombarded with daily "must-dos," deciphering the essentials from the fluff can feel like a cyber maze. We aim to...

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...

Send us a message

Your message was sent.