Cyber Incident Victim: Teespring
Date:
Dec 2020
Location:
United States of America
Summary
Teespring was among 26 companies affected by a data breach where a broker sold stolen user records on a hacker forum, with 8.2 million records compromised. The company had previously disclosed the incident but used a noindex tag to prevent search engines from indexing their advisory. The stolen data was priced between $3,800 and $4,000, and phishing emails targeting users were reported following the breach. While the legitimacy of some breaches was contested by other companies, Teespring did not respond to inquiries after initial confirmation of investigation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In June 2020, Teespring suffered a security incident resulting in the theft of 8.2 million user records, which were later included in a December 2020 hacker forum listing by a data breach broker. The broker advertised the combined sale of 368.8 million records from 26 companies, with Teespring's database priced between $3,800 and $4,000. This breach was categorized as previously disclosed, with Teespring having acknowledged the incident in a December 1, 2020 community blog post that included a noindex HTML tag preventing search engine indexing. BleepingComputer discovered the forum listing on December 25, 2020 and contacted Teespring on December 27 for confirmation, receiving only an initial statement that the company was investigating. Subsequent attempts to obtain further details received no response. The compromised data's exact composition wasn't specified in the broker's advertisement, but historical patterns suggested potential exposure of credentials and personal information typical for e-commerce platforms.
Teespring's breach disclosure occurred nearly four weeks before the broker's forum listing became public, though the noindex implementation limited awareness of their official statement. The company did not issue additional public communications beyond their initial blog post when the data resurfaced for sale. Security researchers observed phishing campaigns targeting Teespring users following the breach's disclosure, though direct correlation between these malicious emails and the stolen database remained unconfirmed. Among the 26 companies listed in the broker's advertisement, Teespring represented one of eight newly identified breaches at the time of reporting, though their incident had been previously acknowledged unlike seven other newly listed organizations. The data broker's entire inventory included both fresh breaches and previously compromised datasets from companies across multiple countries and industries, with Teespring's 8.2 million records ranking as the fifth-largest dataset among the eight newly exposed organizations. No information was disclosed regarding the intrusion methodology, containment timeline, or specific remediation measures taken by Teespring beyond their original statement about investigating the June 2020 incident.