Skip to main content

Millions Of Teespring Users Had Private Information Breached

By February 1, 2021August 25th, 2021Cybersecurity

What is Teespring

Teespring is a popular destination on the web that allows users to create and sell custom-printed apparel, including, as the name implies, custom-designed tee-shirts.

Private information breached- Olmec

Is Teespring Safe

If you use the site, you should know that recently, an as yet unknown third party successfully breached the site and made off with a couple of the company’s databases.

These have been made available on the web, exposing some user information belonging to more than 8 million of the company’s users.

The two SQL files were compressed as a 7Zip archive, with the first containing user email addresses and the dates that the email addresses were last updated. The second SQL file contains the account details of more than four and a half million users, and includes OpenID and Facebook account information (if those were used in the creation of the Teespring account), the user’s home address, name, and phone numbers. That is all in addition to other, mostly non-sensitive details contained in the users’ profiles.

If there’s a silver lining to be found regarding the incident, it lies in the fact that no password data appears to have been present in either file, which dramatically reduces the risks associated with the stolen data. Nonetheless, there’s enough there that it would certainly be possible for hackers to mesh it with information from other sources to steal someone’s identity. It should be noted, however, that it is possible that additional databases could have been stolen, and these could easily have contained passwords that the hackers simply opted not to publish.

In any case, the company made a formal disclosure about the incident, revealing that their investigation to this point indicates that the incident occurred in June, 2020.

The company’s statement reads, in part, as follows:

“Teespring had previously evaluated a 3rd party service called Waydev which required access to some of our data. This access was implemented via a technology called OAuth.Unfortunately, Waydev retained the OAuth token for Teespring (and several other companies) which was accessed from Waydev without authorization by a third party. The token was then used to gain access to some of the Teespring infrastructure.”

If you’re a Teespring user, be aware that some of your data may have been compromised, and be on the alert for suspicious emails hitting your inbox.

Jason Manteiga

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.

Leave a Reply