If you saved up the birthday money your nana sent you to buy a pair of fancy Adidas or the Nike Kyrie 5 Spongebob from StockX, you might want to change your password from HypeBeast420.
A data trader has been offering to sell the data of more than 6.8 million StockX customers, which was stolen from the online fashion marketplace in May, according to TechCrunch. This comes after multiple reports claiming that the “system updates” StockX pushed out last week were actually in response to a hacker gaining access to customers’ records.
Now, StockX, which has a reported $1 billion valuation, has posted a message admitting that “an unknown third-party was able to gain access to certain customer data, including customer name, email address, shipping address, username, hashed passwords, and purchase history.” It claims that financial or payment information does not appear to have been stolen.
In response to the hack, StockX noted that it sent out an email alerting customers to reset their passwords, so the whole “systems update” thing is true. It just glossed over the fact that it was hit with a data breach.
In the blog post, StockX claims it acted “proactively and immediately” by asking its entire customer base to reset their passwords, even though it “did not yet know the nature, extent, or scope of suspicious activity to which we had been alerted.” The company also says it’s updating its security, conducting “high-frequency credential rotation on all servers and devices,” and engaging “a lockdown of our cloud computing perimeter.” Don’t all those fancy words make you feel more secure already?
Don’t feel too safe, though. According to TechCrunch, the StockX customer data, which TechCrunch confirmed by contacting customers and asking them their shoe size and user name, was being sold on the dark web for $300, and at least one person already bought the data. Cool.