Zazzle resets "thousands" of accounts after hackers brute-force passwords

The company denied its systems were hacked, saying that the passwords were stolen from another site.

Zazzle is warning customers that hackers may have compromised their accounts.

The company's chief technology officer Bobby Beaver confirmed in an email to ZDNet that "thousands of accounts" were affected, representing what he called "a small percentage of accounts."

The company sent an email to customers revealing that hackers in June used brute-force techniques to cycle through account usernames and passwords that were stolen from a breach of another unnamed site.

The online marketplace denied that its systems had been directly breached.

Zazzle said that customers will be prompted to choose a new password when they next visit the site.

"The reset procedure we referenced requires the user reconfirm their email address by sending a security token to that email address," said Beaver. "As such, a malicious actor could not reset the password for the account -- unless they had access to the email account itself, which is not in our control."

Zazzle's login page now features a one-click CAPTCHA box, aimed at slowing down automated login attempts, and the company said it was "currently evaluating additional safeguards" to deter similar attacks.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
