• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

 | 

Authorities released free decryptor for Phobos and 8base ransomware

 | 

Anne Arundel Dermatology data breach impacts 1.9 million people

 | 

LameHug: first AI-Powered malware linked to Russia’s APT28

 | 

5 Features Every AI-Powered SOC Platform Needs in 2025

 | 

Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

 | 

Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen

 | 

United Natural Foods Expects $400M revenue impact from June cyber attack

 | 

Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity

 | 

UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

 | 

Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)

 | 

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

 | 

Former US Army member confesses to Telecom hack and extortion conspiracy

 | 

CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

 | 

DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

 | 

U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

 | 

Android Malware Konfety evolves with ZIP manipulation and dynamic loading

 | 

Belk hit by May cyberattack: DragonForce stole 150GB of data

 | 

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

 | 

FBI seized multiple piracy sites distributing pirated video games

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Data Breach
  • Deep Web
  • Hacking
  • StockX hacked, customers’ data offered for sale on the dark web

StockX hacked, customers’ data offered for sale on the dark web

Pierluigi Paganini August 05, 2019

StockX, the live marketplace for buying and selling limited edition sneakers, watches, handbags, and streetwear, announced a data breach.

StockX is a live marketplace for buying and selling limited edition sneakers, watches, handbags, and streetwear, the company announced that the sneaker and streetwear buying platform had been hacked.

An unauthorized user was able to access customer data, as part of the incident response, StockX forced a password reset for its customers.

Last week the company sent out emails to instruct users to reset their passwords due to a mandatory security update.

At the end of last week, StockX began sending out emails to all of their customers stating that a password reset was required due to a security update.

StockX pwd reset

Initially StockX stated that they were alerted to suspicious activity regarding customer data. The company immediately launched an investigation that allowed it to discover the security breach.

According to TechCrunch this was a partial truth, because an unnamed darkweb seller contacted TechCrunch claiming more than 6.8 million records belonging to the company. According to the seller the data were stolen by a hacker back in May.

“A spokesperson eventually told TechCrunch that the company was “alerted to suspicious activity” on its site but declined to comment further. But that wasn’t the whole truth.” reported TechCrunch.

“An unnamed data breached seller contacted TechCrunch claiming more than 6.8 million records were stolen from the site in May by a hacker. The seller declined to say how they obtained the data. In a dark web listing, the seller put the data for sale for $300. One person at the time of writing already bought the data.”

The seller was offering the data for sale for $300, he also provided TechCrunch a sample of 1,000 records. TechCrunch We contacted customers and verified the authenticity of the data.

Exposed data included names, email addresses, hashed password (salted MD5), and other profile information such as shoe size and trading currency. The compromised data also included device information and other info used for an internal purpose. the good news is that no financial data was exposed.

“We were alerted to suspicious activity potentially involving customer data. Upon learning of the suspicious activity, we immediately launched a comprehensive forensic investigation and engaged third-party data incident and forensic experts to assist.” reads the data breach notification. “Though our investigation remains ongoing, forensic evidence to date suggests that an unknown third-party was able to gain access to certain customer data, including customer name, email address, shipping address, username, hashed passwords, and purchase history. From our investigation to date, there is no evidence to suggest that customer financial or payment information has been impacted.”

The company announced to have implemented some changes to its infrastructure to mitigate the suspicious activity. These infrastructure changes included:

  1. a system-wide security update;
  2. a full password reset of all customer passwords with an email to customers alerting them about resetting their passwords; 
  3. high-frequency credential rotation on all servers and devices; and
  4. a lockdown of our cloud computing perimeter

At the time the company did not disclose the number of affected victims or details about the hack.

“As we investigate, StockX will continue to take additional measures, as needed, to protect the privacy of our customers. In the meantime, out of an abundance of caution, we recommend that if you use your StockX password for other accounts, you change those passwords as well.” concludes the company.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – StockX, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

Cybercrime Dark Web data breach Hacking hacking news information security news Pierluigi Paganini Security Affairs Security News StockX

you might also like

Pierluigi Paganini July 19, 2025
Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release
Read more
Pierluigi Paganini July 18, 2025
Authorities released free decryptor for Phobos and 8base ransomware
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

    Hacking / July 19, 2025

    Authorities released free decryptor for Phobos and 8base ransomware

    Malware / July 18, 2025

    Anne Arundel Dermatology data breach impacts 1.9 million people

    Data Breach / July 18, 2025

    LameHug: first AI-Powered malware linked to Russia’s APT28

    APT / July 18, 2025

    5 Features Every AI-Powered SOC Platform Needs in 2025

    Security / July 18, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT