I received an email this morning regarding Spreadshirt having suffered a data breach. As the vast majority of such emails turn out to be scam/phishing I was going to junk it as I couldn't remember ever using this company, however going back through my purchase emails it turns out they were the supplier for the NGF button badges I bought back in 2017.
I don't think I ever created an account with them (I keep a record of all my shopping accounts) and I paid by PayPal, so I don't believe I need to take any action, but I will of course be on the lookout for dodgy spam/phishing emails.
The text of the email is:
"
We are writing to inform you that we were recently the target of an organized cyber-attack that was carried out with considerably vicious criminal intent. The unidentified perpetrators managed to hack into our servers and access data stored there, and they possess the ability to publish this information. Since customer data was also compromised, we'd like to proactively notify you about this incident.
The data accessed includes address information and password hashes saved before 2014. According to our most recent information, your payment data has not been compromised.
If you have an account with us, we highly recommend that you change your password.
Data security has the highest priority for us and we deeply regret that personal data has been accessed as a result of this cyber-attack.
We are currently working closely with external cyber-security experts to ensure that this kind of incident cannot happen again and we have informed the relevant authorities.
If you have any questions, please contact our service team by email: customersupport@spreadshirt.net
Thank you for your understanding. We've set up a help page that we will be updating as soon as we have any new information:
https://help.spreadshirt.com/hc/en-gb/articles/4403591449490 (https://help.spreadshirt.com/hc/en-gb/articles/4403591449490)
Your Spreadshirt & Spreadshop Team
"
I only read this because I thought you'd mistyped "Spreadsheet" :D
John P
I had the same e mail but just deleted it as I'd never heard of them before. I have, however, bought a polo shirt from the NGS Merchandise shop but have never opened an account with them.
This may/may not be of interest to @Tank (https://www.ngaugeforum.co.uk/SMFN/index.php?action=profile;u=2)
https://shop.spreadshirt.co.uk/631315/ (https://shop.spreadshirt.co.uk/631315/)
If the data pertains to pre 2014 most of us will have new cards/payment details maybe
P.S. I'm glad the T shirt is 'breathable'. What's the use of one you can't breathe in? :worried:
Quote from: Newportnobby on July 13, 2021, 02:35:32 PM
I had the same e mail but just deleted it as I'd never heard of them before...
If the data pertains to pre 2014 most of us will have new cards/payment details maybe
More relevant is the fact Spreadshirt obviously have your email address due to a past transaction, so the likelyhood is that's been stolen and could be used to send you spam emails or maybe try and hack your email account through brute force password cracking. They could conceivably have your home address as well, if Spreadshirt handled the order fulfilment themselves.
I suggest that anyone who has used them, login through the main website and change their website. I wouldn't click the link in the emails, just in case. ;)