Alleged StockX Hack Affects 6 Million Of The Popular App’s Users
Earlier this week, the popular sneaker reselling app StockX sent out emails urging their users to reset their passwords–but it turns out, the company wasn’t being very transparent about why their consumers should be concerned about their privacy.
The marketplace for all sneakers, apparel, and more was reportedly hacked, exposing sensitive information of more than 6 million users worldwide, according to TechCrunch.
On Thursday, the Detroit-based reselling platform sent out an e-mail regarding an alleged “update” to the site’s system, telling users to reset their passwords in order to resume use of the service. The problem here is that the e-mail did not detail what lead to the update. In a statement issued by a spokesman to TechCrunch, StockX admitted that it had been alerted to some suspicious activity involving the platform, but that may not have been the entire story.
According to TechCrunch’s Zack Whittaker, an unnamed data breach seller contacted their platform claiming that the information of more than 6.8 million users was stolen from StockX back in May. After being provided with a sample of 1,000 records by the seller, TechCrunch contacted the individual customers and provided them with unique information, including their real name, username combination, and shoe size. Every person confirmed their data was accurate.
This data is already being sold on the dark web for about $300.
Though StockX wasn’t exactly being transparent at first, following some backlash yesterday, they sent an-email to customers and posted a message on its website acknowledging that “an unknown third-party was able to gain access to certain customer data, including customer name, email address, shipping address, username, hashed passwords, and purchase history.”
The company maintains that the system update it implemented on Thursday was taken as a precautionary measure, as it “did not yet know the nature, extent, or scope of suspicious activity to which we had been alerted.” StockX also says that per its investigation, no evidence suggests that customer financial or payment information has been impacted. However, some Twitter users have pointed out that fraudulent purchases have been made through their accounts.
You can read StockX’s full statement regarding the breach and all other updates here.