Clothing Resale Marketplace Poshmark Announces Data Breach
August 1, 2019Poshmark, a website focused on letting people sell used clothes, announced Thursday hackers had stolen data from the company.
"We recently discovered that data from some Poshmark users was acquired by an unauthorized third party," the announcement, sent to a Poshmark user who shared it with Motherboard, reads.
The information stolen includes a customer's username, first and last name, gender, city, clothes size preference, email address, and hashed password, according to the announcement. The data also included "social media profile information collected when users connect social media accounts to Poshmark," the announcement added. The company also posted about the breach on its blog.
Do you know about another data breach? We'd love to hear from you. You can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
Hashes are a more secure way of storing passwords rather than in plain text, but some forms of hashes can be cracked by hackers. A Poshmark spokesperson said in an email the company used bcrypt, a robust hashing algorithm. In its announcement, Poshmark recommends changing your password as a precaution.
"We take the trust you have placed in us extremely seriously, and since learning of this incident, we've expanded our security measures even further. We've conducted an internal investigation, retained a leading security forensics firm, and have implemented enhanced security measures across all systems to help prevent this type of incident from happening in the future," Poshmark's announcement added.
"[Poshmark is a platform built on love and transparency, and we're committed to serving you, and our entire community, every step of the way. You are the core of our business, and without you, we wouldn't be the community we are today. We sincerely regret any concern this may cause you, and we're here to answer any questions you may have," it read.
Poshmark did not immediately respond to a request for additional comment.
Update: This piece has been updated to include additional information from a Poshmark spokesperson.
Subscribe to our new cybersecurity podcast, CYBER.