Last week, users of StockX – one of the most popular platforms for buying and selling sneakers – were asked to reset their passwords. As revealed by TechCrunch, the website has been hacked, exposing over 6.8 million users’ data.
As users were confused of why they had to reset their passwords after a system update email was sent out last Thursday, StockX initially stated that it was legitimate and not a phishing email, without elaboration on the alleged system update. A spokesperson later opened that the company was "alerted to suspicious activity" on its website.
According to an unnamed seller who contacted TechCrunch, a hacker stole more than 6.8 million records from StockX back in May. The data, which includes users’ real names, email addresses, username combinations, trading currency and shoe sizes, is now being sold for $300 USD on the dark web. Under GDPR rules, which are a set of protection and privacy regulations in Europe, the company could be fined up to four percent of its global annual revenue.
StockX sent out an email to its users, mentioning it has been “alerted to suspicious activity potentially involving customer data” and “launched a comprehensive forensic investigation and engaged third-party data incident and forensic experts to assist.” As of now, neither StockX founder Josh Luber nor spokesperson Katy Cockrel have commented on the breach.
For more tech news, Facebook has revealed that it will be adding its name to Instagram and Whatsapp.
And here’s the @StockX data being sold on the dark web. According to the listing, it’s worth about $300 and it’s already been sold to one person. (We’re not linking to the listing.) pic.twitter.com/6YpEJATEQR
— Zack Whittaker (@zackwhittaker) August 3, 2019