ShellCodeX Breach Report
CafePress Data Breach
cafepress.com
Verified breach
Passwords exposed
Accounts exposed
23,205,290
Breach date
20 Feb 2019
Added to tracker
05 Aug 2019
Data classes
5
What happened
In February 2019, the custom merchandise retailer CafePress suffered a data breach. The exposed data included 23 million unique email addresses with some records also containing names, physical addresses, phone numbers and passwords stored as SHA-1 hashes.
Exposed data
Email addresses
Names
Passwords
Phone numbers
Physical addresses
Recommended actions
- Change your CafePress password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing CafePress โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP