Cybernews
  • News
  • Editorial
  • Security
  • Privacy
    • What is a VPN?
    • What is malware?
    • How safe are password managers?
    • Are VPNs legal?
    • More resources
    • Strong password generator
    • Personal data leak checker
    • Antivirus software
    • Best VPN services
    • Password managers
    • Secure email providers
    • Best website builders
  • Follow
    • Twitter
    • Facebook
    • YouTube
    • Linkedin
    • Flipboard
    • Newsletter

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Home » Security » 8+ million Teespring user records leaked on hacker forum

8+ million Teespring user records leaked on hacker forum

by Edvardas Mikalauskas
25 January 2021
in Security
0
Teespring data leaked on hacker forum
45
SHARES

A user on a popular hacker forum has leaked an archive containing user and creator data allegedly exfiltrated from Teespring, an e-commerce platform that allows people to design, market, and sell custom (and often controversial) apparel.

Graphical user interface  Description automatically generated with low confidence

The files contained in the leaked archive include email addresses and last update dates for 8,242,000 user accounts, as well as full names, phone numbers, locations, and other account details of more than 4 million Teespring users and apparel creators. 

Judging from the account update dates, the data appears to have been exfiltrated from Teespring servers sometime in April 2020, and presumably maliciously used by the forum post author for more than eight months. According to ZDNet, however, the data comes from a Teespring breach that the company suffered in June 2020 and disclosed on December 1, 2020.

To see if any of your online accounts were exposed in this or other security breaches, use our personal data leak checker with a library of 15+ billion breached records.

What’s been leaked?

There are two SQL files in the leaked Teespring archive, labeled “emails” and “users.” 

The first file includes email addresses and last account update dates of 8,242,000 users: 

A screen shot of a computer  Description automatically generated with low confidence

The second file contains 4,000,000+ user records, including:  

  • Usernames
  • Full names
  • Locations
  • Phone numbers
  • Creator IDs
  • Referral information
  • Trust score
  • Whitelisted seller campaigns, storefronts, bank check payouts, and other analytics data

Example of leaked user records from the second file:

Chart  Description automatically generated

It’s unclear whether the “emails” and “users” files refer to the same or different sets of users, which means that the size of the leak could be anywhere between 8 and 12 million user records.

Who had access to the data?

The Teespring archive was leaked on January 17. Based on that fact, we assume that, in addition to the post author having maliciously used the data for more than eight months, a sizable part of the hacker community was able to download and access the data since it was posted on the forum.

What’s the impact of the leak?

While not particularly sensitive at first glance, the data stored in the leaked archive can be used by bad actors against Teespring users in several different ways:

  • Carrying out spear-phishing attacks against users and creators whose data was exposed.
  • Spamming the victims’ emails and phones.
  • Brute-forcing the users’ online accounts.

Fortunately, the archive doesn’t contain any deeply sensitive data like passwords, documents, or payment details. That being said, particularly determined threat actors can combine leaked names, email addresses, and phone numbers with information obtained from other data breaches to build a more detailed picture of the victim in order to commit identity theft. 

Next steps

If you have a Teespring account and your data has been exposed in this leak, we recommend you:

  • Change your Teespring password and consider using a password manager to create strong passwords.
  • Enable two-factor authentication (2FA) on all your online accounts. 

Watch out for potential phishing emails and text messages. Don’t click on anything suspicious or respond to anyone you don’t know.

Share45TweetShareShare
Next Post
GameStop shares soar on short squeeze, then ease in wild trade session

GameStop shares soar on short squeeze, then ease in wild trade session

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's choice

COMb data leak - Mother of all breaches
News

COMB: largest breach of all time leaked online with 3.2 billion records

by Bernard Meyer
12 February 2021
37

It's being called the biggest breach of all time and the mother of all breaches: COMB, or the Compilation of...

Read more
14 million Amazon and eBay accounts sold online in new leak

14 million alleged Amazon and eBay account details sold online

17 February 2021
The hype around quantum computing: it’s not too early to get in

The hype around quantum computing: it’s not too early to get in

15 February 2021
Facebook phishing campaign that tricked nearly 450,000 users in Germany is now spreading in the UK

Facebook phishing campaign that tricked nearly 450,000 users in Germany is now spreading in the UK

15 February 2021
Cyberpunk 2077 maker CD Projekt Red has GWENT source code leaked after ransomware attack

Cyberpunk 2077 maker CD Projekt Red has GWENT source code leaked after ransomware attack

10 February 2021
  • Categories
    • News
    • Editorial
    • Security
    • Privacy
  • Reviews
    • Antivirus Software
    • Password Managers
    • Best VPN Services
    • Secure Email Providers
    • Website Builders
  • Tools
    • Password generator
    • Personal data leak checker
  • Engage
    • About Us
    • Send Us a Tip
    • Careers
  • Twitter
  • Facebook
  • YouTube
  • Linkedin
  • Flipboard
  • Newsletter
  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!