Sneaker marketplace StockX was apparently hacked, revealing confidential information of 6.8 million customers worldwide according to TechCrunch.
On Thursday, the Detroit-based company sent out a password reset email to its users regarding a purported update to the website’s system, persuading its customers to reset their passwords to resume use of the platform. Nonetheless, the email did not specify what caused the update.
StockX has acknowledged that it had been notified of suspicious activity involving the marketplace, though there appears to be more to the data breach.
An anonymous data breach seller contacted TechCrunch asserting that the information of more than 6.8 million customers was stolen from StockX in May by a hacker.
The sample of 1,000 customer records was confirmed to be accurate. TechCrunch has contacted customers individually and supplied them with information like their real name, username combination, and shoe size.
The breached data contained sensitive information such as names, email addresses, passwords (Considered to be hashed with MD5 algorithm and salted), shoe sizes, and other kinds of information.
A cybercriminal is selling the data on the dark web for approximately $300.
There has been controversy regarding the data breach as spokesperson Katy Cockrel and StockX founder Josh Luber have remained silent on the issue so far.
The platform could potentially pay an enormous fine of up to 4% of annual revenue and additional compensation if it is demonstrated that it failed to notify customers of the breach of their data.
Just last month, StockX was valued at over $1 billion after a $110 million Series C funding round from venture capital firm DST Global, global growth equity firm General Atlantic, and global venture capital firm GGV Capital.