© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Spreadshirt hack: attackers gained access to user data, including bank details and PayPal addresses

On Thursday, Spread Group warned their users of a “security incident where an unauthorized party attempted to access [the] platform.” Today, the company confirmed that it had suffered a data breach took where attackers got their hands on a variety of user data, including payment details.

Spread Group warned their customers, including those of Spreadshop, Spreadshirt, and TeamShirts, that “unidentified perpetrators” hacked the company’s servers and gained access to the data stored therein.

Information “accessed” by the threat actors includes street addresses, hashes of passwords saved before 2014, as well as “bank account details and/or PayPal addresses.”

Spread Group published a security advisory titled ‘Security Incident July 2021’, stating that “the company’s crisis team is working with external cyber-security specialists to systematically investigate these events.”

According to the statement, the hack mainly affected Spread Group’s customers, partners, and external suppliers.

“Also affected are the payment details of a small number of customers who made payments to Spreadshirt, Spreadshop or TeamShirts via bank transfer, or who have received a refund via bank transfer. According to the latest information from our investigations, the hacked servers did not contain the bank details of any other groups of customers.”

Spread Group

“In addition, the bank account numbers and PayPal addresses of partners who have received commission payments from Spread Group were also affected,” reads the advisory.

Next steps

Following the incident, the company urges affected Spreadshop, Spreadshirt, and TeamShirts users to change their account passwords.

If you have an account with Spreadshop, Spreadshirt, or TeamShirts, we also recommend you:

  • Enable two-factor authentication (2FA) on all your online accounts.
  • Consider using a password manager to create unique strong passwords and store them securely.
  • Set up identity theft protection with your financial institution of choice.

More from CyberNews:

Threat actors scrape 600 million LinkedIn profiles - again

CyberNews personal data leak checker: see if your online accounts were exposed in previous security breaches

Secure your device with best VPN services

This couple lost £15,000 to scammers. We followed the money – and found millions in stolen crypto

Dark innovation: scammers innovate to keep ahead of regulation

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked