CafePress

In February 2019 the custom merchandise retailer CafePress suffered a major data breach affecting approximately 23 million unique accounts. The incident involved the unauthorized access and extraction of a large database containing sensitive user information. The exposed data included email addresses, names, physical addresses, and phone numbers. Furthermore, password hashes using the SHA-1 algorithm were compromised, which are considered vulnerable to modern cracking techniques. The company failed to notify many users until several months after the initial discovery of the breach.