Teespring Breach Includes Private Information. Teespring is a popular destination on the web, allowing users to create and sell custom-printed apparel, including, as the name implies, custom-designed tee-shirts.
Unfortunately, Teespring breach of private information is available on the web, exposing some user information to more than 8 million of the company’s users.
The two SQL files compressing as a 7Zip archive, with the first containing user email addresses and the dates that the email addresses with last updates. The second SQL file contains the account details of more than four and a half million users. It includes OpenID and Facebook account information (if using OpenID and Facebook to create the Teespring account), the user’s home address, name, and phone numbers. That is all in addition to other, mostly non-sensitive details contained in the users’ profiles.
There may be a silver lining regarding Teespring Breach Includes Private Information. No password data appears to have been present in either file, which dramatically reduces the stolen data’s risks. Nonetheless, there’s enough there that it would certainly be possible for hackers to mesh it with information from other sources to steal someone’s identity. However, it’s possible additional databases have been stolen, and these could easily be containing passwords that the hackers opt not to publish.
In any case, Teespring made a formal disclosure about the incident, revealing that their investigation to this point indicates that the incident occurred in June 2020.
The company’s statement reads, in part, as follows:
“Teespring had previously evaluated a 3rd party service called Waydev which required access to some of our data. This access was implemented via a technology called OAuth.Unfortunately, Waydev retained the OAuth token for Teespring (and several other companies) which was accessed from Waydev without authorization by a third party. The token was then used to gain access to some of the Teespring infrastructure.”
If you’re a Teespring user, be aware that some of your compromising data and be alert for suspicious emails hitting your inbox.
