Poshmark, a clothing marketplace designed to sell used clothing, reveals it suffered a data breach. The company announced the breach via a blog post on its website, dated August 1, 2019.
Tech Crunch reports that the company currently has 50 million users. The online marketplace is primarily known for its clothes selling platform. However, the company also recently ventured out into selling home goods such as candles and wall art, says Pymnts.
According to the blog post, the marketplace encountered a data breach through an unauthorized third party. While the company acknowledges that no financial information became affected, other sensitive data remain compromised. These include usernames, first and last names, and the user’s gender.
Besides the account details, hackers also obtained email addresses, user identification, passwords, social media profiles, and user size preferences. Despite the massive data breach, the company remains confident that hackers will not access accounts with the gathered information.
Internal Poshmark preferences, including email and push notifications, also remain compromised by the breach.
Based on the report published by Tech Crunch, Poshmark uses a specific hashing algorithm to protect its users and their account information. The passwords, in particular, used bcrypt hashing, which Tech Crunch touts as “one of the stronger algorithms available.”
Following the data breach, the company reportedly reached out to an investigative team, says Tech Crunch. Kroll works with Poshmark as the third-party forensics firm in charge of investigating the data breach.
In addition to launching a series of investigations, the company also implemented “enhanced security measures across all systems.” This prevents a similar data breach from happening in the future, as noted in the blog post.
Although the company has taken relevant steps to address the situation, it has also advised its users to change passwords. Affected individuals can reach out for additional help and support services at firstname.lastname@example.org.
The selling platform also apologized to users in a statement. Poshmark says it “[regrets] any concern this may cause you, and we’re here to answer any questions you may have.” In the statement, it also acknowledges the importance of users, saying it is “a platform built on love and transparency.”
Tech Crunch states Poshmark did not reach out to state regulators, saying the “nature of the information was not financial.” With hackers failing to obtain financial details, the marketplace only contacted local law enforcement regarding the issue.
Despite the internal and external investigations conducted by the company, updates surrounding the issue remain sparse.