We’ve, um, changed our password policy, says CafePress amid reports of 23m pwned accounts
Source: The Register
By: Gareth Corfield
Published: August 5, 2019
* Twee T-shirts ‘n’ merch purveyor CafePress had 23 million user records swiped · reportedly back in February · and this morning triggered a mass password reset, calling it a change in internal policy. * Details of the security breach emerged when infosec researcher Troy Hunt’s Have I Been Pwned service · which lists websites known to have been hacked, allowing people to check if their information has been stolen · began firing out emails to affected people in the small hours of this morning. * According to HIBP, a grand total of 23,205,290 CafePress customers’ data was swiped by miscreants, including email addresses, names, phone numbers, and physical addresses.