Skip to Content

Hackers target one of the most popular fashion resale sites on the web

It can be surprising to see which websites and platforms hackers choose to target with cyberattacks. Usually, the go-to places are large social networks — places where a large number of people congregate. Alternatively, financial institutions and retail outlets make lucrative marks for aspiring cybercriminals.

In the case of retail, however, choice is a key factor. If a hacker hits a major chain like Target, for example, a goldmine of data can be gleaned because so many people shop there. On the flip side, small retail outlets and e-commerce platforms are often ripe for exploitation due to having fewer resources to expend on security.

And that’s just what happened at one of the most popular clothing resale sites on the web. This platform was frequented by millions of users each month — and now, personal data like email addresses, usernames, and even clothing sizes are in the hands of hackers. Will the data breaches ever stop, or has this just become the new normal for life on the internet?

Poshmark falls victim to major security breach

In a post to its company blog, popular fashion resale platform Poshmark announced that its servers had been accessed by an “unauthorized third-party.” The hackers managed to steal private data from users in the U.S. that included personal email addresses, Poshmark account usernames, clothing size preferences, and social media account information.

According to Poshmark’s post, passwords were also obtained by the hackers, but these Poshmark passwords were thankfully “hashed” by the security features of the website. This means they were protected by a form of encryption — but keep in mind that hashed passwords aren’t completely impossible to crack. Still, it’s far better than if the passwords were plain text.

Poshmark is encouraging its users to stay vigilant and be aware of any unusual emails or friend requests they receive online. Although a large amount of data was accessed, none of it would be enough for hackers to commit identity theft.

Having access to full email addresses, first and last names, and social media profiles, however, does make it easier for hackers to target and personalize phishing schemes.

I use Poshmark, what should I do?

Poshmark has acknowledged responsibility for the lapse in security and has decided to fully investigate the incident. On the plus side, the company has announced that it has beefed up its existing digital security for the time being, which will make it more difficult for events like this to occur in the future.

But what about if you’re already a Poshmark customer and you were affected by the breach? The company’s blog post is advising any and all users to change their passwords for the platform out of an abundance of caution.

Again, they emphasize that no financial data was stolen in the breach, but it is a wise move to heed their advice and change your password. Any time a security breach happens, the folks who wait to change their passwords are the ones most likely to suffer if the platform gets hit with another attack.

But then again, one should consider changing their password on a regular basis anyhow. While it may seem like a chore, it’s one of the smartest things you can do to protect your privacy and personal data.

With Poshmark’s hack in the rearview mirror, being safe with your accounts is the best way to protect yourself from future hacks. And don’t cross your fingers that they won’t come, because as we’ve clearly seen, hackers won’t be done any time soon.

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days