{"id":2806,"date":"2022-03-24T12:36:12","date_gmt":"2022-03-24T18:36:12","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=2806"},"modified":"2022-03-24T12:36:15","modified_gmt":"2022-03-24T18:36:15","slug":"can-online-retailer-keep-your-personal-information-secure","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/03\/24\/can-online-retailer-keep-your-personal-information-secure\/","title":{"rendered":"Can online retailer keep your personal information secure?"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">On March 17, 2022, CafePress&#8217; past owner was fined $500,000 for security problems.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-src=\"https:\/\/zhengrujohnchen.files.wordpress.com\/2022\/03\/image-1.png?w=959\" alt=\"\" class=\"wp-image-33 lazyload\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What is CafePress?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">CafePress is an online retail store that allows customers to create their own products, like custom T-shirts, bags, mugs and other merchandise.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>&#8216;Shoddy&#8217; Security<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Federal Trade Commission (FTC) claims that CafePress stored the customers\u2019 information in readable text, kept their data longer than necessary and did not repair known system vulnerabilities. CafePress was hacked and more than 23 million accounts were compromised in November 2018. After a year, CafePress was hacked again. An attacker was able to access the data and obtain private user information that had weak encryption. 
This major security incident exposed the private data of millions of CafePress users, including email addresses, passwords, physical addresses, names, security questions and answers, phone numbers, tens of thousands of payment card records and over 180,000 unencrypted social security numbers.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<div class=\"twitter-tweet\"><blockquote class=\"twitter-tweet\" data-lang=\"en\"><p lang=\"en\" dir=\"ltr\">New Data Breach Alert!<br><br>Site: Cafepress<br>Date: 02\/2019<br>Records: 23,321,980<br>Status: Undisclosed<br>Info: Email, First Name, Last Name, Hash<br><br>See if your information was leaked for free at (link: <a href=\"https:\/\/t.co\/Il5zj4Bl4h\">https:\/\/t.co\/Il5zj4Bl4h<\/a>) <a href=\"https:\/\/t.co\/3ev8DRCmZ6\">https:\/\/t.co\/3ev8DRCmZ6<\/a><a href=\"https:\/\/twitter.com\/hashtag\/weleakinfo?src=hash&amp;ref_src=twsrc%5Etfw\">#weleakinfo<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&amp;ref_src=twsrc%5Etfw\">#infosec<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/databreach?src=hash&amp;ref_src=twsrc%5Etfw\">#databreach<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/OSINT?src=hash&amp;ref_src=twsrc%5Etfw\">#OSINT<\/a><\/p>&mdash; We Leak Info (@weleakinfo) <a href=\"https:\/\/twitter.com\/weleakinfo\/status\/1150227690735230976?ref_src=twsrc%5Etfw\">July 14, 2019<\/a><\/blockquote><\/div>\n<\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Secure algorithms<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Hackers siphoned 23 million customer records from CafePress in November 2018. 
CafePress was using SHA-1 to store the users&#8217; personal information.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What is SHA-1?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function designed by the National Security Agency and published by the National Institute of Standards and Technology (NIST) as a Federal Data Processing Standard (FIPS). The main purpose of SHA-1 is to take an input and create a 160-bit (20-byte) hash value. But in 2005, cryptanalysts found an effective attack on SHA-1, suggesting the algorithm may not be secure enough to continue to be used, and Google, Microsoft and other browser companies have said they will refuse to accept SHA-1 digital certificates.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Conclusion<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In my opinion, an outdated and unsecured encryption method is more dangerous than no encryption method, because people will be more careful on sites without an encrypted certificate, or decide to avoid using them. But people would consider a site with encrypted digital certificates safe to browse, and trust that the personal information entered is well protected. An outdated and unsecured encryption method poses a potential threat to users&#8217; private information. 
This could cause more trouble, as sometimes it is hard to prevent a data leak that is not from your end.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Sources:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.zdnet.com\/article\/cafepress-fined-500-million-for-shoddy-security-covering-up-data-breach\/\">https:\/\/www.zdnet.com\/article\/cafepress-fined-500-million-for-shoddy-security-covering-up-data-breach\/<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/it.slashdot.org\/story\/22\/03\/20\/2351231\/cafepresss-previous-owner-fined-500000-for-shoddy-security-covering-up-data-breach\">https:\/\/it.slashdot.org\/story\/22\/03\/20\/2351231\/cafepresss-previous-owner-fined-500000-for-shoddy-security-covering-up-data-breach<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2019\/08\/05\/cafepress-hacked-23m-accounts-compromised-is-yours-one-of-them\/?sh=66a2d027407e\">https:\/\/www.forbes.com\/sites\/daveywinder\/2019\/08\/05\/cafepress-hacked-23m-accounts-compromised-is-yours-one-of-them\/?sh=66a2d027407e<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/SHA-1\">https:\/\/en.wikipedia.org\/wiki\/SHA-1<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2022\/03\/ftc-takes-action-against-cafepress-data-breach-cover\">https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2022\/03\/ftc-takes-action-against-cafepress-data-breach-cover<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.theregister.com\/2019\/08\/06\/cafepress_hack_passwords_stolen\/\">https:\/\/www.theregister.com\/2019\/08\/06\/cafepress_hack_passwords_stolen\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On March 17, 2022, CafePress&#8217; past owner was fined $500,000 for security problems. What is CafePress? 
CafePress is an online retail store that allows customers to create their own products, like custom T-shirts, bags, mugs and other merchandise. &#8216;Shoddy&#8217; Security The Federal Trade Commission(FTC) claims that CafePress stored the customers\u2019 information in readable text, kept &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/03\/24\/can-online-retailer-keep-your-personal-information-secure\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Can online retailer keep your personal information secure?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":342,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[15],"tags":[],"class_list":["post-2806","post","type-post","status-publish","format-standard","hentry","category-cpsc-329-602-w22","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Zhengru 
Chen","author_link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/author\/john-chen\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2806","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/users\/342"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/comments?post=2806"}],"version-history":[{"count":3,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2806\/revisions"}],"predecessor-version":[{"id":2809,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2806\/revisions\/2809"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/media?parent=2806"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/categories?post=2806"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/tags?post=2806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}