On Thursday, the fashion and sneaker marketplace sent out a general password reset email to its users citing “system updates,” but did not elaborate further on what caused the alleged software update. However, TechCrunch's Zach Whittaker reports that an unnamed seller contacted TechCrunch, claiming that the information of more than 6.8 million users was stolen from StockX in a data breach back in May. Provided with a sample of 1,000 records by the seller, TechCrunch contacted individual customers with unique information only they would know from their stolen records — including their real name, username combination and shoe size. Every person contacted confirmed their data as accurate. This data is already being sold on the dark web for about $300.
In a statement, StockX has since acknowledged that “an unknown third-party was able to gain access to certain customer data, including customer name, email address, shipping address, username, hashed passwords, and purchase history.” The company also maintains that no customer financial or payment information has been impacted. However, some Twitter users are pointing out that fraudulent purchases have been made through their accounts.
Last month, StockX was valued at $1 billion, this new fortune will likely take a hit from as this story unfolds.