[ad_1]
It was not "system updates" as it claimed TechCrunch can confirm that StockX was cleaning up after a data breach.
The fashion and sneaker trading platform sent a pbadword-reset e-mail to its users Thursday, citing "system updates," while leaving them confused and searching for answers. StockX explained to the users that the email was legitimate and not a phishing email, as some people suspected, but without indicating the cause of the alleged update of the system or the reason why it was not there. no prior warning.
A spokesman finally told TechCrunch that the company had been "alerted to suspicious activity" on his site, but declined to comment further.
But that was not the whole truth.
TechCrunch was contacted by a vendor involved in an unidentified data breach, claiming that more than 6.8 million records had been stolen from the site in May by a hacker. The seller refused to specify how he got the data, but promised to put the stolen records for sale on the Web, for sale.
The vendor provided TechCrunch with a sample of 1,000 records. We contacted customers and provided them with information they could only know about their stolen files, such as their real name, their username combination and their size. All those who responded confirmed that their data was accurate.
The stolen data contained names, email addresses, hashed pbadwords, and other profile information, such as shoe size and business currency. The data also included the type of device the user, such as Android or iPhone, and the software version. Several other internal indicators were found in each record, for example if the user was banned or if European users had accepted the company's GDPR message.
Under these GDPR rules, a company may be fined up to 4% of its annual worldwide business turnover for violation.
Prior to publication, neither spokeswoman Katy Cockrel nor StockX founder Josh Luber responded to a request for comment.
StockX was valued last month at more than $ 1 billion after a $ 110 million fundraiser.
Source link
