StockX has been hacked, exposing more than 6 million user data!
StockX, one of the most popular centers for the purchase and sale of shoes, has been hacked. Piracy has exposed the personal information of more than 6.8 million users worldwide, according to TechCrunch.
The Hack
On Thursday, the fashion and sneaker market sent a general email to reset the password to its users, citing “system updates”. But they did not specify the cause of the alleged update of the software. TechCrunch’s Zach Whittaker, however, reports that an anonymous vendor contacted TechCrunch, claiming that more than 6.8 million users had been stolen from StockX during a data breach in May.
Provided with a sample of 1,000 records by the vendor, TechCrunch contacted individual customers with unique information that only their stolen contacts might know about. Such as their real name, combination of username and even the size of the shoe. Each person contacted confirmed their data as accurate. This data is already sold on the dark web for about $ 300.
And here's the @StockX data being sold on the dark web. According to the listing, it's worth about $300 and it's already been sold to one person. (We're not linking to the listing.) pic.twitter.com/6YpEJATEQR
— Zack Whittaker (@zackwhittaker) August 3, 2019
The Impact
StockX has sent an e-mail to customers and posted on its website a message acknowledging that “an unknown third party was able to access certain customer data, such as the customer’s name, e-mail address, delivery address, username, hashed passwords and purchase history.”
The data also included the user’s device type, such as Android or iPhone, and the software version.
StockX also indicates that there is no evidence to suggest that financial or payment information from customers has been affected. But some Twitter users pointed out that fraudulent purchases were made via their accounts.
Saying that "From our investigation to date, there is no evidence to suggest that customer financial or payment information has been impacted." is completely false because i was impacted. Someone bought these with my credit card and my account had to be closed. pic.twitter.com/Y3EeVbEZ8g
— julio (@JulyCreps) August 4, 2019
The Quotes
“The longer StockX takes to make a statement, the less credibility they will have” – Information Security Analyst Cassie Brunetto.
“I think they handled the disclosure unethically and probably in the worst way possible. I’m curious to know what vulnerability was exploited though, because this could potentially expose holes that were or still are present in their systems and processes. As a consumer, I would be apprehensive about doing business with them going forward because I’m concerned about my data privacy and security.” – Cassie Brunetto
StockX was valued last month at over $ 1 billion after a $ 110 million fundraiser.
You should read about Fake Influencers, an Exorbitant Cost for Brands!
Photo Credits: StockX