StockX the sneaker trading website loses over 6.8m consumers’ records within hack

StockX, a widely-visited one-stop-shop for purchase and sale of sneakers is reported to have been hacked, leaking over 6.8m consumers' sensitive information globally, as per TechCrunch. On August 1, 2019, the online marketplace offering sneakers and other fashion materials dispatched one e-mail asking its consumers to reset their passwords because the company was updating its systems. However, there was no elaboration as to why the alleged updating of software was taking place. Then on Sunday, the company admitted there had been a problem of data security on its website.

The data captured consisted of names, passwords, e-mail ids along with more profile information namely trading currency and shoe size. There were also the kind of device info about the end-user whether iPhone or Android as well as the software edition, in the seized data. www.techcrunch.com posted this, August 3, 2019.

One listing inside the dark web showed the data was being sold for $300. Someone in a short time purchased it. TechCrunch was given 1,000 records as a sample that came from the seller.

StockX tried covering the breach's news, but that raised worries related to ethics and also concerns of legal matters. The company's headquarter is in Detroit; however, it has a worldwide reach which includes consumers within EU. Consequently, StockX falls under the purview of General Data Protection Regulation of the European Union.

The regulation mandates companies to pay fines upon failure towards prevention of a hack along with disclosing all information about a hack within 72-hrs since its detection. Considering that StockX didn't just lapse in disclosing the hack, however, even attempted at hiding the news from public it could draw the notice when investigation into the incident starts by the European Union Privacy Commissioner.

StockX is considerably endangered with an enormous fine payment (a maximum of 4% of yearly earning) along with other damages incase its failure towards notifying consumers about their data's hack is proved. This is as per the GDPR regulation. Rendition Infosec's founder Jake Williams said StockX deprived its consumers from the opportunity of assessing their data's leakage via abstaining from notifying them about the hack when it occurred.

» SPAMfighter News - 8/12/2019