Buy and sell platform StockX recently suffered a data breach, says TechCrunch. The attack led to the disclosure of customer data, amounting to around 6.8 million records stolen from the company.
The sneaker and apparel trading service urged their customers to change their passwords through email claiming system updates. The platform confirmed to customers that the password reset email was authentic and encouraged users to heed their advice.
Failure to inform users
This security move is more than what the firm makes it out to be. StockX said that this campaign occurred after being “alerted to suspicious activity” on its website. In many cases, this is a solid step to prevent cybercrooks from scrambling and recycling leaked login credentials.
Customers expressed suspicions pertaining to the email with concerns of phishing attacks. The platform assured consumers that this move aims to reinforce their security.
However, TechCrunch clarified that the statement released by a StockX spokesperson “[was not] the whole truth.” The media outlet found out that through an unnamed source that the buy and sell service suffered from a breach. This attack compromised millions of user data.
The source, identified as a data breach seller, refused to disclose how they got hold of the records. However, the seller put up a listing for the StockX data on the dark web. The listing went for $300 after a buyer purchased the records.
According to the source, the compromised info includes email addresses, passwords, profile details and names. Moreover, the breach also involves the type of device customers use.
To prove their claims, the unnamed source gave a data sample to TechCrunch. The media outlet got in touch with customers included in the sample record. This is to confirm the veracity of the tip.
Customers who replied verified the details given by TechCrunch.
TechCrunch reached out to the company and its representative but failed to get a response. The platform released a “non-attributable statement” verifying the article. However, the statement failed to satisfy TechCrunch’s enquiries related to the firm’s failure to notify users.
Founder Josh Luber and CEO Scott Cutler have yet to release a statement regarding the matter. Meanwhile, Experts say that this move denied StockX customers the opportunity to assess the safety of their records.
StockX has a valuation of more than $1 billion in July 2019 after completing a fundraiser amounting to $110 million.