A data breach has hit StockX, a fashion and sneaker trading platform, exposing millions of customers' personal information to third parties. According to a report published earlier by TechCrunch, some of the data is already for sale on the dark web. The company, which was valued at $1 billion last year, has joined the list of well-known platforms that fell victim to cyber attacks in the first half of 2019.
It all started when StockX unexpectedly sent customers a link to reset their account passwords. This raised strong suspicion, as most customers thought the links had been sent by cybercriminals attempting to gain illegal access to their accounts through phishing. However, the company cleared up the misunderstanding and informed its customers that a systems update had been made, requiring users to reset their passwords.
Investigation revealed that the platform was hit by a severe data breach, affecting the personal information of about 6.8 million users. TechCrunch reported that they received information from an unknown dark web seller, informing them that the details of customers were listed for sale. As claimed by the report, someone showed up and bought the data for $300, which was the asking price.
To prove the authenticity of the information, the unknown person provided samples of 1000 records to the reporters. Among the provided data were names of customers, email addresses, shoe sizes, passwords, device names, software version, and trading currencies. The records even had an internal flag indicating banned users.
Some of the customers were then contacted to verify the credibility of the information. Surprisingly, all contacted customers confirmed their names, usernames and shoe sizes. Soon after, reporters contacted Stockx for confirmation but no statement was issued.
The founder of Rendition InfoSec, James Williams, stated that StockX had robbed its users of the chance to evaluate their exposure. This came after multiple questions raised were ignored by the fashion and sneaker platform.
Later in the day, StockX issued a statement to its customers by email, confirming that a third party had breached its system and gained access to customers' information such as names, shipping addresses, trading history, passwords, and emails. According to the statement, the system update and the password reset links sent to customers were precautionary measures undertaken because the degree of the breach was not yet known.
In addition, it was stated that the company engaged a forensic expert and a third party data incident to conduct a thorough investigation. The comprehensive investigation confirmed the breach of customers' personal data. However, no record of a breach of payment details was found. It is not yet known since the investigation is ongoing. Apart from the password reset links issued to customers, StockX has also conducted a system-wide security update, a lockdown of its cloud computing perimeter, and high-frequency credential rotation on all devices and servers. The company finally stated that it takes data security seriously and would work hard to protect customers who trust it with their trading experience.
The data breach has become a cause for concern as the number of incidents recorded in the first half of 2019 shows an insane acceleration compared to last year.