
Online clothing reseller, StockX, has admitted that hackers have compromised their customer accounts. StockX, an online platform for reselling high-end shoes and apparel, appears to have suffered a data breach that affected 6.8 million of its customers’ accounts.

Forced Password Reset

However, that is not the newsworthy part of the story. After discovering suspicious activity on its servers that could have indicated unauthorized access, StockX sent out a forced password reset to its customers following the StockX data breach but did not state why. The information in the message requiring users to change their passwords was so vague that some questioned whether or not the email was a phishing attempt.

When a tech industry news outlet reached out to StockX for a comment on the forced reset, they were told that it was part of necessary system updates. However, that seems not to have been true. The same news outlet was later contacted by a hacker who claims to have stolen the customers’ information and posted it for sale on the Dark Web. The hacker went on to provide 1,000 records from the database to prove the StockX data breach was real.

The outlet, TechCrunch, contacted those individuals and verified that the stolen information, which contained their emails, usernames and shoe sizes from previous purchases at StockX, was accurate. At the time of the discovery, the hacker claimed the database of records had already been purchased at least once.

TechCrunch has not received any updates from StockX, and its questions have gone unanswered. It is important for the public to be aware of some of the ramifications of the StockX data breach, since the same thing could happen with other companies in future data breaches.

Never Reuse Passwords

Companies actually do force password resets just to be on the safe side. If a security team discovers password combinations from previous data breaches of other companies, for example, they can compare those stolen passwords to ones on their site. If their customers have used the same email and password on this company’s website that they had on a site that has already been breached, that might trigger a forced password reset.
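A minimal sketch of that comparison, added here as an illustration and not code from StockX or any company named in this article: because a site should hold salted password hashes rather than plaintext, each leaked password is re-hashed with the matching user's own salt before it is compared. The record layout, the PBKDF2 parameters and every credential below are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from a password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user(email: str, password: str) -> dict:
    """Build a user record the way a site would store it: salt + hash only."""
    salt = os.urandom(16)
    return {"email": email.lower(), "salt": salt,
            "hash": hash_password(password, salt), "force_reset": False}


def flag_reused_credentials(users: dict, breached_pairs) -> list:
    """Mark accounts whose current password matches a pair leaked elsewhere.

    users: mapping of lowercase email -> user record.
    breached_pairs: iterable of (email, plaintext password) from another
    company's breach corpus.
    """
    flagged = []
    for email, leaked_password in breached_pairs:
        record = users.get(email.strip().lower())
        if record is None:
            continue  # the leaked address has no account on this site
        candidate = hash_password(leaked_password, record["salt"])
        # Constant-time comparison of the derived hash with the stored one.
        if hmac.compare_digest(candidate, record["hash"]):
            record["force_reset"] = True
            flagged.append(record["email"])
    return flagged


def demo():
    # Constructed sample data: two local accounts and three leaked pairs.
    users = {u["email"]: u for u in (
        make_user("alice@example.com", "Sneaker#2019"),
        make_user("bob@example.com", "x7!unique-to-this-site"),
    )}
    breached = [("Alice@Example.com", "Sneaker#2019"),   # reused here
                ("bob@example.com", "hunter2"),           # different password
                ("carol@example.com", "whatever")]        # no account here
    return flag_reused_credentials(users, breached), users
```

Only the account whose leaked pair still unlocks it on this site is marked for a forced reset; the other accounts are left alone.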

Never reuse a password. The hacker who made off with 6.8 million usernames and passwords in the StockX data breach is hoping that a lot of those people reused their email and password combination on their Amazon account, PayPal account, online banking account or email.

Watch for Phishing Emails

Scammers know that password reset emails are easy to fake. All a scammer has to do is steal the logo from a company’s website, make a fake email address and send it out to millions of people, telling them to click here to change their passwords. Instead, the scammers are gathering up the “old passwords” that the victims typed by following the link.

The customers who were suspicious were very smart. Given how common phishing tactics are, it was incredibly savvy of them to reach out to the company and tech experts for advice. Never click a link you were not expecting, and never verify your account information for someone who contacts you.

Have Good Identity Hygiene

Change your passwords frequently, especially if you receive a notification like this one in the StockX data breach. It is simple and smart to change your passwords; just do not rely on an email with a link to do it. Go directly to the company’s website yourself and change your password in your profile settings. Ignore and delete the email, whether it was legitimate or not, and handle the password reset yourself.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.



The latest Poshmark data breach has led to personal identifying information (PII) being exposed for some users of the marketplace concept that lets people buy and sell clothing and beauty items.

Thanks to the abundance of websites and apps that let us buy, sell, and trade, it has never been easier to find what we love. That is the theory behind Poshmark. On the buyer side, you can look for just the right outfit from users’ virtual closets. On the seller side, you can make some money from items you already have hanging at home.

Unfortunately, a platform like that will draw quite a few users, which can put it in a hacker’s crosshairs. The company announced it had discovered a data breach of its servers, and it has now helped to specify what types of information were compromised.

The information exposed in the Poshmark data breach appears to be limited to details like email and username, some shopping preferences like common sizes, and encrypted passwords that are not supposed to be visible even if a hacker accesses them. However, to be on the safe side, Poshmark recommends changing your password if you discover that your information was affected by the Poshmark data breach.

Check Where Your Info May Have Been Compromised

There are a couple of handy tools that can help keep internet users safe. The first is a fairly comprehensive website known as HaveIBeenPwned.com. You simply type in your email address and it will show you exactly which known data breaches have contained information related to your email. It is a good idea to try it with any email account you have, even ones that are outdated or you no longer use.

The other tool appeared as part of Mozilla Firefox’s latest browser update. Just visiting Poshmark.com or its blog caused the browser to pop up a quick tab explaining that user data had recently been stolen from that website. The popup included the option to enter your email address to check on your data. Other platforms offer similar tools, and they can help you keep tabs on where your information may have been compromised.

Change Your Password

Poshmark’s advice is sound. In the Poshmark data breach or any other data breach, changing your password should always be one of your first steps.

Never Reuse Passwords

Also, this serves as the most recent reminder of a crucial data security rule: Never reuse your email and password on multiple accounts. If any hackers gained this information from Poshmark, they can easily use it to cross-reference against other, more sensitive websites and apps. If any Poshmark account holders reused their passwords for their email, web retailers, social media, workplace computers, financial accounts or more, the hackers now control them. Change your passwords immediately if you are one of the many consumers who reuse their passwords, and do not forget to update them regularly just to be safe in case there is a data breach like the Poshmark data breach.
