StockX confirms that it has been hacked (updated)




TC verified the claims by contacting people from a sample of 1,000 records using information they did not know.

Although hackers do not seem to have taken particularly sensitive information, such as payment cards, this is still a major offense, especially when the seller intends to make the data available via the dark web. This also raises questions about why StockX alerted users about password resets without explaining what had happened or the extent to which user data was at risk. In simple terms, the victims did not know how big the problem was.

Update (03/08/19, 22:45 ET): StockX confirmed to Engadget that it had suffered a data breach. The company's complete statement follows.

StockX cares deeply about the privacy of its customers. Over the past few days, our company has discovered a data security issue and would like to provide you with an update on this situation.

We have been alerted to suspicious activity potentially involving customer data. As soon as we learned of the existence of the suspicious activity, we immediately launched a thorough forensic investigation and engaged third-party data experts and forensic experts to help. Although our investigation is still ongoing, the forensic evidence suggests that an unknown third party was able to access certain client data, including client names, email addresses, delivery addresses, usernames, hashed passwords and purchase histories. Based on our investigation to date, there is no reason to believe that customers' financial or payment information has been affected.

During our forensic investigation of the suspicious activity, and out of caution, we implemented immediate changes to the infrastructure in order to mitigate and manage the potential effects of the suspicious activity. These infrastructure changes include:

  • a security update at the system level;
  • a complete reset of all client passwords, with an email informing the clients of the reset of their passwords;
  • rotation of high frequency identifiers on all servers and devices; and
  • a lockout of our cloud computing perimeter.

We want you to know that we took these steps proactively and immediately because we had just started our investigation and we still did not know the nature, extent or scope of the suspicious activity to which we had been alerted. Although we had incomplete information, we felt compelled to act immediately to protect our customers as our investigation continued – and we took steps to do so.

Again, we take data security and privacy very seriously and will continue to communicate with our customers and work tirelessly to protect those who trust us with their buying experience.
