There is yet another data breach to report today. The fashion and sneaker e-commerce site StockX admitted that its data system was breached and that hackers took the information of millions of customers. Last Thursday, StockX sent out an email to customers urging them to change their passwords because of "systems updates."
The scope of the breach came to light when it was reported that StockX data already had been purchased on the dark web. On Saturday, StockX released a statement confirming the data breach.
Keep reading and we'll let you know what data was taken and how StockX finally confirmed the breach.
Email hid the news of data breach
The revelation that there had been a data breach at StockX began with an email urging customers to change their passwords due to "systems updates." The company had to confirm to confused customers that the email was legitimate but did not explain what it meant by "systems updates."
StockX then said it had been alerted to suspicious activity. Within hours, TechCrunch received a call from an anonymous seller of breached data who claimed more than 6.8 million StockX records had been stolen by hackers in May. The data had already been purchased for $300 on the dark web.
The anonymous source provided a sample of 1,000 data records, which TechCrunch confirmed. As the media pressure mounted, StockX finally admitted that it had been hacked and described the scope of the data stolen.
StockX admits to large hack
Two days after its initial email to customers, StockX issued a statement saying the site had been hacked and it had immediately launched an investigation.
The company said that although the investigation is ongoing, evidence suggests hackers had accessed customer names, email addresses, shipping addresses, usernames, hashed passwords and purchase histories. StockX added that there is no evidence so far that customers' financial data has been stolen.
StockX said it already has made some changes to its infrastructure in order to fortify the site. They include:
- A system-wide security update.
- A full password reset of all customer passwords.
- High-frequency credential rotation on all servers and devices.
- A lockdown of its cloud computing perimeter.
"Though we had incomplete information, we felt a responsibility to act immediately to protect our customers while our investigation continued -- and we took steps to do so," according to StockX's statement.
The list of hacked companies grows
The StockX data breach was not the only one announced last week; there were three others. A major financial institution, an educational company and an online clothing site all publicized data breaches within days of each other.
Capital One revealed that 100 million of its U.S. customers were affected when its servers were hacked. Hackers took information on credit scores, credit card limits, balances, credit history, home addresses, and most alarming, Social Security and bank account numbers.
The number of customers whose Social Security and bank information was stolen stands at 220,000. The FBI has apprehended a person it believes is responsible for the hack, but the investigation is still ongoing.
Meanwhile, the accounts of more than 13,000 schools and universities were exposed when a data breach hit Pearson, a British company that produces educational tools including textbooks and digital textbooks. First and last names, email addresses and dates of birth were taken during the hack.
The company says no Social Security numbers, credit card numbers or any other financial information was accessed by hackers. The actual number of students affected by the hack is unknown but it is certainly in the hundreds of thousands.
Finally, hackers stole full names, cities, email addresses, linked social media profiles and account passwords from the online marketplace Poshmark. The passwords were encrypted.
The seller of used clothing said no financial data was taken. The company did not reveal how many customers were affected by the hack, but it is advising all of its website's users to change their Poshmark passwords.
As always, you can trust Komando.com to keep you up-to-date on the latest data breaches as they happen.