Spreadshirt hack: attackers gained access to user data, including bank details and PayPal addresses


On Thursday, Spread Group warned their users of a “security incident where an unauthorized party attempted to access [the] platform.” Today, the company confirmed that it had suffered a data breach took where attackers got their hands on a variety of user data, including payment details.
Spread Group warned their customers, including those of Spreadshop, Spreadshirt, and TeamShirts, that “unidentified perpetrators” hacked the company’s servers and gained access to the data stored therein.
Information “accessed” by the threat actors includes street addresses, hashes of passwords saved before 2014, as well as “bank account details and/or PayPal addresses.”
Spread Group published a security advisory titled ‘Security Incident July 2021’, stating that “the company’s crisis team is working with external cyber-security specialists to systematically investigate these events.”
According to the statement, the hack mainly affected Spread Group’s customers, partners, and external suppliers.
“Also affected are the payment details of a small number of customers who made payments to Spreadshirt, Spreadshop or TeamShirts via bank transfer, or who have received a refund via bank transfer. According to the latest information from our investigations, the hacked servers did not contain the bank details of any other groups of customers.”
Spread Group
“In addition, the bank account numbers and PayPal addresses of partners who have received commission payments from Spread Group were also affected,” reads the advisory.
Next steps
Following the incident, the company urges affected Spreadshop, Spreadshirt, and TeamShirts users to change their account passwords.
If you have an account with Spreadshop, Spreadshirt, or TeamShirts, we also recommend you:
- Enable two-factor authentication (2FA) on all your online accounts.
- Consider using a password manager to create unique strong passwords and store them securely.
- Set up identity theft protection with your financial institution of choice.
More from CyberNews:
Threat actors scrape 600 million LinkedIn profiles - again
Secure your device with best VPN services
This couple lost £15,000 to scammers. We followed the money – and found millions in stolen crypto
Dark innovation: scammers innovate to keep ahead of regulation
Subscribe to our newsletter
Your email address will not be published. Required fields are marked