Zazzle resets "thousands" of accounts after hackers brute-force passwords

The company denied its systems were hacked, saying that the passwords were stolen from another site.

Zazzle is warning customers that hackers may have compromised their accounts.

The company's chief technology officer Bobby Beaver confirmed in an email to ZDNet that "thousands of accounts" were affected, representing what he called "a small percentage of accounts."

The company sent an email to customers revealing that hackers in June used brute-force techniques to cycle through account usernames and passwords that were stolen from a breach of another unnamed site.

The online marketplace denied that its systems had been directly breached.

Zazzle said that customers will be prompted to choose a new password when they next visit the site.

"The reset procedure we referenced requires the user reconfirm their email address by sending a security token to that email address," said Beaver. "As such, a malicious actor could not reset the password for the account -- unless they had access to the email account itself, which is not in our control."

Zazzle's login page now features a one-click CAPTCHA box, aimed at slowing down automated login attempts, and the company said it was "currently evaluating additional safeguards" to deter similar attacks.
