Late last week, fashion and sneaker trading site, StockX, sent out a password reset email to customers citing “systems update.” But, it wasn’t a systems update as the company claimed, the password reset was actually the result of a hacker stealing 6.8 customers’ data.
The abrupt password reset email left many customers confused. So much so, that StockX has to assure users that the email was legitimate.
However, customers weren’t the only ones confused — many reporters were also suspicious. And when pressed, StockX changed its story with a spokesperson saying “StockX was recently alerted to suspicious activity potentially involving our platform.”
But, that wasn’t the whole truth.
In fact, according to TechCrunch, they were contacted by an unnamed data breach seller who told them that a hacker stole 6.8 million records from StockX back in May. However, the seller did not say how they obtained the data. TechCrunch verified the claims using a sample of 1,000 records the seller provided to contact users and confirm information only they would know.
The next day, StockX confirmed that it did, in fact, suffer a data breach.
However, it’s a little too late — the seller’s purportedly already sold the data for $300 on the dark web, according to TechCrunch.