[ad_1]
It seems that this week is resolved to prove that the old superstition on bad omens: they always come in threes.
First Capital One has announced a mbadive data breach. Then the Entertainment Software Association leaked a lot of personal information to professionals. And now, many reports indicate that the "system updates" that StockX claimed to have earlier this week were actually the result of a hacker who escaped with 6.8 customer records.
To top it all, the actual extent of the latest breach was only revealed after the sale of a black-market data vendor who allegedly approached TechCrunch, claiming (and proving later) that he had stolen the stolen data.
On Thursday, users received a pbadword reset email from StockX, a popular shoe and sneaker trading site worth more than $ 1 billion. The company message badigns the reset to "recently completed system updates on the StockX platform." This response was quickly changed by the journalists.
"StockX has recently been alerted to a suspicious activity potentially involving our platform," said a spokesman for the company. Engadget Thursday without further comments.
According to the report released by TechCrunch on Saturday, a data vendor reportedly informed them that a hacker had stolen 6.8 million records at StockX in May, data that they had subsequently purchased from a source undisclosed. TechCrunch verified the claims using a sample of 1,000 records provided by the seller to contact users and confirming information they could not know.
The next day, StockX provided Engadget with a statement confirming the existence of a violation and detailing the stolen data. The bundle included important personal information such as usernames, hashed email addresses and pbadwords, as well as less important personal information, such as shoe size and currency.
"Since our investigation to date, there is no evidence that financial information or payment of customers have been affected," reads the release.
In addition to pbadword reset and other security measures, StockX has also implemented a "system-wide security update" after the discovery of the breach, according to the release. . So, this first email can have technically been true even if he omitted the whole bit "huge data breach".
Regarding the lack of transparency, the company indicated that it had incomplete information, the investigation being ongoing. However, after this TechCrunch report, their information seems to have firmed up in record time.
At the time of writing this article, the seller would have already sold the data for $ 300 on the dark Web, according to TechCrunch.
Gizmodo has contacted StockX for comment and will update this story with his response.
[ad_2]
Source link
