StockX, one of the most popular hubs for buying and selling sneakers, was reportedly hacked, exposing sensitive information of more than 6.8 million users worldwide according to TechCrunch.
On Thursday, the fashion and sneaker marketplace sent out a general password reset email to its users citing “system updates,” but did not elaborate further on what caused the alleged software update. However, TechCrunch’s Zach Whittaker reports that an unnamed seller contacted TechCrunch, claiming that the information of more than 6.8 million users was stolen from StockX in a data breach back in May. Provided with a sample of 1,000 records by the seller, TechCrunch contacted individual customers with unique information only they would know from their stolen records — including their real name, username combination and shoe size. Every person contacted confirmed their data as accurate. This data is already being sold on the dark web for about $300.
And here's the @StockX data being sold on the dark web. According to the listing, it's worth about $300 and it's already been sold to one person. (We're not linking to the listing.) pic.twitter.com/6YpEJATEQR
— Zack Whittaker (@zackwhittaker) August 3, 2019
In a statement, StockX has since acknowledged that “an unknown third-party was able to gain access to certain customer data, including customer name, email address, shipping address, username, hashed passwords, and purchase history.” The company also maintains that no customer financial or payment information has been impacted. However, some Twitter users are pointing out that fraudulent purchases have been made through their accounts.
Saying that "From our investigation to date, there is no evidence to suggest that customer financial or payment information has been impacted." is completely false because i was impacted. Someone bought these with my credit card and my account had to be closed. pic.twitter.com/Y3EeVbEZ8g
— julio (@JulyCreps) August 4, 2019