Sneaker marketplace StockX experienced a breach that put millions of customers’ data at risk.
News of the hack, which broke on Friday night, was confirmed by the company as “suspicious activity” over the weekend. Initially, StockX claimed its backend was initiating “system updates” when a notification asked users to reset their passwords. However, as it turned out, the e-commerce platform did indeed experience a data breach back in May, with the information then being sold on a third-party site. The hack compromised customer information including names, email addresses, shipping addresses and hashed passwords, along with less vital data such as shoe sizes and currency used.
“We were alerted to suspicious activity potentially involving customer data. Upon learning of the suspicious activity, we immediately launched a comprehensive forensic investigation and engaged third-party data incident and forensic experts to assist,” the company eventually told Engadget in a statement.
StockX went on to confirm that “from our investigation to date, there is no evidence to suggest that customer financial or payment information has been impacted.”
The retail breach was addressed with several steps, which StockX seemingly took without alerting customers to the actual hack. The company outlined these “precautions,” which included a system-wide security update, the aforementioned full password reset request from all customers, high-frequency credential rotation on all servers and devices and a “lockdown” of the site’s cloud computing perimeter.
StockX is currently valued at over $1 billion, making the Detroit-based startup a tech unicorn. This is thanks in part to its $110 Series C funding round, which it closed in June. The site’s popularity can be credited to its dedicated market base of fashion-conscious millennials. As of June, the company’s chief operating officer role has been assumed by former eBay executive Scott Cutler.