Culture 3 min read

StockX got Hacked, Millions of Customer Data Compromised / /

Just weeks after Capital One announced that its cloud-based servers had been breached, intruders made away with millions of StockX customer data.

Last Week, StockX became aware of suspicious activities that could potentially involve the platform. While the eCommerce site did not reveal the nature or extent of the threat to its users, it took some cautionary measures.

For one, it implemented a system-wide update. Then, the shoe selling-site sent an email to its customers, asking them to reset their passwords.  Along with locking down its “cloud computing perimeter, StockX also performed a high-frequency credential rotation on all servers and devices.

But, it appears that the “suspicious activity” is more severe than the eCommerce site led its users to believe. According to a TechCrunch report, the warnings stemmed from a severe data breach.

StockX Loses 6.8 Million Customers’ Records to Hackers

The reports say that a hacker stole 6.8 million customer records from the shoe trading site back in May. These include the names, email addresses, (hashed) passwords, as well as trading currencies, shoe sizes, and device version profiles.

TC also verified these claims. The tech news site contacted people from a sample of 1,000 records the seller-provided, and they confirmed information only the users would know.

About 24 hours after the report, StockX issued a statement through Engadget to give credence to TechCrunch’s report.

The statement reads:

“Though our investigation remains ongoing, forensic evidence to date suggests that an unknown third-party was able to gain access to certain customer data, including customer name, email address, shipping address, username, hashed passwords, and purchase history. From our investigation to date, there is no evidence to suggest that customer financial or payment information has been impacted.”

So, why was the shoe trading site not upfront about the data breach?

In the statement, StockX explained that the investigation was still ongoing at the time, and the information was still incomplete.

Though we had incomplete information, we felt a responsibility to act immediately to protect our customers while our investigation continued—and we took steps to do so,” says the company.

The breach is still quite significant – even though the intruders did not have access to users’ payment information. That’s because the hackers intend to monetize the data.

At the time of TechCrunch’s reporting, the hackers had put the data up for sale for $300, and someone had already made a purchase.

Read More: Why Data Privacy Matters Even More in an IoT World

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Sumbo Bello know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.

Profile Image

Sumbo Bello

Sumbo Bello is a creative writer who enjoys creating data-driven content for news sites. In his spare time, he plays basketball and listens to Coldplay.

Comments (0)
Most Recent most recent
share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.