8+ million Teespring user records leaked on hacker forum

A user on a popular hacker forum has leaked an archive containing user and creator data allegedly exfiltrated from Teespring, an e-commerce platform that allows people to design, market, and sell custom (and often controversial) apparel.

The files contained in the leaked archive include email addresses and last update dates for 8,242,000 user accounts, as well as full names, phone numbers, locations, and other account details of more than 4 million Teespring users and apparel creators.

Judging from the account update dates, the data appears to have been exfiltrated from Teespring servers sometime in April 2020, and presumably maliciously used by the forum post author for more than eight months. According to ZDNet, however, the data comes from a Teespring breach that the company suffered in June 2020 and disclosed on December 1, 2020.

To see if any of your online accounts were exposed in this or other security breaches, use our personal data leak checker with a library of 15+ billion breached records.

What’s been leaked?

There are two SQL files in the leaked Teespring archive, labeled “emails” and “users.”

SQL files in the leaked Teespring archive

The first file includes email addresses and last account update dates of 8,242,000 users:

The second file contains 4,000,000+ user records, including:

  • Usernames
  • Full names
  • Locations
  • Phone numbers
  • Creator IDs
  • Referral information
  • Trust score
  • Whitelisted seller campaigns, storefronts, bank check payouts, and other analytics data

Example of leaked user records from the second file:


It’s unclear whether the “emails” and “users” files refer to the same or different sets of users, which means that the size of the leak could be anywhere between 8 and 12 million user records.

Who had access to the data?

The Teespring archive was leaked on January 17. Based on that fact, we assume that, in addition to the post author having maliciously used the data for more than eight months, a sizable part of the hacker community has been able to download and access the data since it was posted on the forum.

What’s the impact of the leak?

While not particularly sensitive at first glance, the data stored in the leaked archive can be used by bad actors against Teespring users in several different ways:

  • Carrying out spear-phishing attacks against users and creators whose data was exposed.
  • Spamming the victims’ emails and phones.
  • Brute-forcing the users’ online accounts.

Fortunately, the archive doesn’t contain any deeply sensitive data like passwords, documents, or payment details. That being said, particularly determined threat actors can combine leaked names, email addresses, and phone numbers with information obtained from other data breaches to build a more detailed picture of the victim in order to commit identity theft.

Next steps

If you have a Teespring account and your data has been exposed in this leak, we recommend you:

  • Change your Teespring password and consider using a password manager to create strong passwords.
  • Enable two-factor authentication (2FA) on all your online accounts.

  • Watch out for potential phishing emails and text messages. Don’t click on anything suspicious or respond to anyone you don’t know.