Threat Watch

Poshmark Clothing Breach

Poshmark, a popular online market place where US users can buy and sell new or used clothing, shoes, and accessories disclosed a data breach on August 1st, 2019. Poshmark stated that an unauthorized party gained access to its systems and stole customer information. The information stolen included usernames, hashed passwords, first and last names, gender, and city of residence. Other information included clothing sizes, email addresses, social media profiles if the user connected their social media to Poshmark. The company stated that user passwords were not included in the breach due to their password salting process. Poshmark has yet to reveal when the breach happened or when they were notified of the issue. In a blog post and a security notice from Poshmark, the company stated that they have contacted a security vendor and performed a security audit. Poshmark stated that only US users had their data stolen. No other databases were involved. The company stated that it has over 50 million registered users, but has not revealed how many of its customers were involved.

ANALYST NOTES

Customers of the Poshmark service are recommended to change their passwords to a unique and more complex password. Users are also advised to be on the lookout for targeted phishing campaigns. The information stolen could be used to trick a victim into accepting malicious email requests.