Over the weekend StockX, a popular sneaker and streetwear buying platform, announced that their servers had been accessed by an unauthorized third party who accessed customer data. Customers became suspicious when, at the end of last week, they started to receive emails from StockX stating that a password reset was required due to a security update. Users who received this took to Twitter to confirm that the emails were legitimate. StockX representatives responded to confirm the truth of these emails. The company confirmed that an attacker had gained access to their system and was able to access customer information that included customer names, email addresses, shipping addresses, usernames, hashed passwords and purchase histories. Researchers were able to confirm, through an unnamed source, that this data breach was for sale on the darknet. The unnamed source provided a small sample of the hacked information to researchers. In response to this breach, StockX stated that they are performing a system-wide security update, a full password reset of all customers, a lockdown of cloud computing and increasing the frequency of credential rotations. The company has not reported as to how many total customers were affected.
Analyst Notes
Users of the StockX platform are advised to change their password if not already done. All passwords should be made complex through the use of case sensitive letters, unique characters, and numbers. It is also advised to make each password unique to that login and never reuse the same password twice.
