[conspire] (forw) You're one of 23, 205, 290 people pwned in the CafePress data breach

Rick Moen rick at linuxmafia.com
Mon Aug 12 13:50:37 PDT 2019 

HaveIBeenPwned.com is a well-intended public service, but its advisories
need to be read attentively, if only because they lean towards the
melodramatic.  In this case, my having been 'pwned' by the CafePress
data breach means folks out there now know my name, address, e-mail
address, and telephone number.  Oh noes!  That's of course exactly what's
on http://linuxmafia.com/~rick/ .

But this is an apt reminder that, when you give your personal
information to a retailer, you should assume there's a high likelihood
of it going elsewhere, and should try to discourage the usage of that
information as an authentication method.

(Greetings from Waterford.)


----- Forwarded message from Have I Been Pwned <noreply at haveibeenpwned.com> -----

Date: Mon, 05 Aug 2019 02:02:24 +0000 (UTC)
From: Have I Been Pwned <noreply at haveibeenpwned.com>
To: rick at linuxmafia.com
Subject: You're one of 23,205,290 people pwned in the CafePress data breach

You signed up for notifications when your account was pwned in a data breach and unfortunately, it's happened.

You're one of 23,205,290 people who've had an account compromised in the CafePress hack of Feb 2019, the details of which you can read about here: https://haveibeenpwned.com/PwnedWebsites#CafePress

The data disclosed in the breach includes: Email addresses, Names, Phone numbers, Physical addresses

Monitoring Have I Been Pwned for data breaches is a great start, now try these next 2 steps to protect all your accounts:

Step 1: Protect yourself with strong, unique passwords for each website with the 1Password password manager: https://1password.com/
Step 2: Enable 2 factor authentication and store the codes inside your 1Password account

You can also run a search for breaches of your email address again at any time to get a complete list of sites where your account has been compromised: https://haveibeenpwned.com/Verify/c00052b8f6dcd6f[redacted]

Why are you only hearing about this now? Whilst the breach occurred in February, sometimes there can be a lengthy lead time of months or even years before the data is disclosed publicly. Have I Been Pwned will always attempt to alert you ASAP, it's just a question of how readily available the data is.

Please note that it is not possible to retrieve the passwords themselves from HIBP: https://www.troyhunt.com/here-are-all-the-reasons-i-dont-make-passwords-available-via-have-i-been-pwned/

If you don't want to receive any future breach notifications, just click here to unsubscribe: https://haveibeenpwned.com/Unsubscribe/c00052b8f6dcd6f1[redacted]


----- End forwarded message -----

More information about the conspire mailing list