Sneaker and streetwear resale site StockX was hacked, a data breach that exposed millions of its customers’ accounts. The Detroit-based company hinted at internal issues when it sent out an email on Thursday (August 1, 2019) requesting users change their password because of a “system update.” In follow up TechCrunch, the company admitted the request to change passwords was actually in response to “suspicious activity.”
Subsequently, TechCrunch reported it was contacted by a data breach seller claiming 6.8 million records were stolen from StockX in May 2019 by a hacker. The data was then placed on a dark web listing where it was priced at $300, which thus far was purchased by a single person. The source provided TechCrunch with sample of data for 1,000 accounts, who checked out as StockX users.
StockX followed up with an additional statement on Friday on its blog where the company announced, “Upon learning of the suspicious activity, we immediately launched a comprehensive forensic investigation and engaged third-party data incident and forensic experts to assist. Though our investigation remains ongoing, forensic evidence to date suggests that an unknown third-party was able to gain access to certain customer data, including customer name, email address, shipping address, username, hashed passwords, and purchase history. From our investigation to date, there is no evidence to suggest that customer financial or payment information has been impacted.