Spreadshirt hack: attackers gained access to user data, including bank details and PayPal addresses

On Thursday, Spread Group warned their users of a “security incident where an unauthorized party attempted to access [the] platform.” Today, the company confirmed that it had suffered a data breach took where attackers got their hands on a variety of user data, including payment details.

Spread Group warned their customers, including those of Spreadshop, Spreadshirt, and TeamShirts, that “unidentified perpetrators” hacked the company’s servers and gained access to the data stored therein.

Information “accessed” by the threat actors includes street addresses, hashes of passwords saved before 2014, as well as “bank account details and/or PayPal addresses.”

Spread Group published a security advisory titled ‘Security Incident July 2021’, stating that “the company’s crisis team is working with external cyber-security specialists to systematically investigate these events.”

According to the statement, the hack mainly affected Spread Group’s customers, partners, and external suppliers.

“Also affected are the payment details of a small number of customers who made payments to Spreadshirt, Spreadshop or TeamShirts via bank transfer, or who have received a refund via bank transfer. According to the latest information from our investigations, the hacked servers did not contain the bank details of any other groups of customers.”
Spread Group

“In addition, the bank account numbers and PayPal addresses of partners who have received commission payments from Spread Group were also affected,” reads the advisory.

#SpreadGroup was the target of an organized cyber-attack which was carried out with considerably vicious criminal intent. Our day-to-day operations have not been impacted by this incident. All news at: https://t.co/X7m1TDQRaD #spreadshirt #spreadshop pic.twitter.com/Sy4TAz3UX0
— Spread Group (@spread_group) July 12, 2021

Next steps

Following the incident, the company urges affected Spreadshop, Spreadshirt, and TeamShirts users to change their account passwords.

If you have an account with Spreadshop, Spreadshirt, or TeamShirts, we also recommend you:

Enable two-factor authentication (2FA) on all your online accounts.
Consider using a password manager to create unique strong passwords and store them securely.
Set up identity theft protection with your financial institution of choice.