cyber Breach

Teespring

May 11, 2023 1 min read
Teespring

A hacker named ShinyHunters leaked the details of millions of users registered on Teespring, a web portal that creates and sells custom-printed apparel.

The Teespring data was made available as a 7zip archive that includes two SQL files. The first file contains a list of more than 8.2 million Teespring users' email addresses and the date the email address was last updated.

The second file includes account details for more than 4.6 million users including a hashed version of the email address, usernames, real names, phone numbers, home addresses, and Facebook and OpenID identifiers users used to log into their accounts.

However, the investigation revealed that the breach happened due to a 3rd party service called Waydev requiring access to some of its data.

Source: https://www.zdnet.com/article/hacker-leaks-data-of-millions-of-teespring-users/

TPRM report: https://scoringcyber.rankiteo.com/company/teespring

"id": "tee123141222",
"linkid": "teespring",
"type": "Data Leak",
"date": "06/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': ["8.2 million users' email "
                                               'addresses',
                                               "4.6 million users' account "
                                               'details'],
                        'industry': 'E-commerce',
                        'name': 'Teespring',
                        'type': 'Company'}],
 'attack_vector': 'Third-Party Service',
 'data_breach': {'number_of_records_exposed': ['8.2 million email addresses',
                                               '4.6 million account details'],
                 'personally_identifiable_information': ['Email addresses',
                                                         'Usernames',
                                                         'Real names',
                                                         'Phone numbers',
                                                         'Home addresses'],
                 'type_of_data_compromised': ['Email addresses',
                                              'Usernames',
                                              'Real names',
                                              'Phone numbers',
                                              'Home addresses',
                                              'Facebook identifiers',
                                              'OpenID identifiers']},
 'description': 'A hacker named ShinyHunters leaked the details of millions of '
                'users registered on Teespring, a web portal that creates and '
                'sells custom-printed apparel.',
 'impact': {'data_compromised': ['Email addresses',
                                 'Usernames',
                                 'Real names',
                                 'Phone numbers',
                                 'Home addresses',
                                 'Facebook identifiers',
                                 'OpenID identifiers']},
 'initial_access_broker': {'entry_point': 'Third-party service Waydev'},
 'post_incident_analysis': {'root_causes': 'Third-party service Waydev '
                                           'requiring access to some of its '
                                           'data'},
 'threat_actor': 'ShinyHunters',
 'title': 'Teespring Data Breach',
 'type': 'Data Breach'}
Published by
Harshit Kaur Bhatia
Harshit Kaur Bhatia
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.