CafePress

www.cafepress.com Website Breach

Overview

On February 20, 2019, CafePress was breached. Once the breach was discovered and verified, it was added to our database on August 5, 2019.

Why did it take so long to report this breach?

What data was compromised:

Additional information, including:

Names

Breach data provided by Have I Been Pwned

What to do for this breach

We recommend you take these steps to keep your personal info safe and protect your digital identity.

Change your password

Make this password unique and different from any others you use. A good strategy to follow is to combine two or more unrelated words to create an entire passphrase.

Change password for this site

Update other logins using the same password

Reusing passwords turns a single data breach into many. Now that this password is out there, hackers could use it to get in to other accounts.

Use a password manager to take your passwords everywhere

Use Firefox Lockwise to keep track of all your different passwords and access them securely from your phone or tablet.

Get Firefox Lockwise

Avoid sharing your phone number

Try to avoid giving out your phone number when signing up for new accounts or services. If a phone number isn’t required, don’t enter it.

Avoid using addresses in passwords

Using addresses or the street where you grew up weaken your passwords. Since it’s easy to find this info publicly, it makes these passwords easy to guess.

Set up two-factor authentication (2FA)

Many websites offer 2FA as an extra security measure. This requires another piece of information to log in to your account, such as a one-time code you receive via text.

See sites that offer 2FA

What is a website breach?

A website data breach happens when cyber criminals steal, copy, or expose personal information from online accounts. It’s usually a result of hackers finding a weak spot in the website’s security. Breaches can also happen when account information gets leaked by accident.

Why did it take so long to report this breach?

It can sometimes take months or years for credentials exposed in a data breach to appear on the dark web. Breaches get added to our database as soon as they have been discovered and verified.