CafePress: Just 23 Million Customer Details May Have Slipped Away
August 6, 2019
I read “CafePress Hacked, 23M Accounts Compromised. Is Yours One Of Them?” Several years ago I participated in a meeting at which a senior officer of CafePress was in the group. The topic was a conference at which I was going to deliver a lecture about cyber security. I recall that the quite confident CafePress C suite executive pointed out to me that the firm had first rate security. Interesting, right?
The write up in the capitalist tool said:
According to that HIBP notification, the breach itself took place on Feb 20 and compromised a total of 23,205,290 accounts. The data was provided to Troy Hunt at HIBP from a source attributed as JimScott.Sec@protonmail.com.
I thought that an outfit with first rate security would not fall to a bad actor. I also assumed that the company would have reported the issue to customers promptly. It seems as though the breach took place more than five months ago. (February 2019 and today is August 5, 2019.)
What’s DarkCyber’s take on this?
- The attitude of a CafePress executive makes clear that confidence and arrogance are poor substitutes for knowledge.
- The company looks like it needs a security and management health check.
- A failure to act more quickly suggests significant governance issues.
How about a T shirt with the CafePress logo and the phrase “First Rate Security” printed on the front?
Stephen E Arnold, August 6, 2019