CafePress had 23 million user records swiped reportedly back in February and this morning triggered a mass password reset, calling it a change in internal policy.
Details of the security breach emerged when infosec researcher Troy Hunt’s Have I Been Pwned service which lists websites known to have been hacked, allowing people to check if their information has been stolen began firing out emails to affected people in the small hours of this morning.
CafePress has not publicly commented on the matter. Some users have reported that they have been prompted to reset their password when attempting to log into their CafePress account. It’s entirely possible that CafePress was not even aware of the breach until today.