[BreachExchange] Clothing resale site Poshmark suffers data breach

Destry Winant destry at riskbasedsecurity.com
Fri Aug 2 10:00:24 EDT 2019


Clothing resale site Poshmark has been hacked. Data from users in the
US, including full names, usernames, genders, email addresses, hashed
passwords, clothing size preferences and social media profile
information, were accessed by "an unauthorized third party."

In response, Poshmark announced it conducted an internal investigation
with support from a security forensics firm and "did not find any
material vulnerabilities." It has, however, "enhanced security
measures across all systems to help prevent this type of incident from
happening in the future."

In a blog post, Poshmark advises users to change their passwords just
in case. The accessed data does not include financial information or
physical addresses, and affected users will be notified by email. The
company added that hashed passwords are protected by encryption, which
should make them difficult (but not impossible) to crack. This sort of
data does, however, leave people open to the risk of phishing scams.

The company apologized for the breach, saying, "Poshmark is a platform
built on love and transparency, and we're committed to serving you,
and our entire community, every step of the way. You are the core of
our business, and without you, we wouldn't be the community we are
today. We sincerely regret any concern this may cause you, and we're
here to answer any questions you may have."

More information about the BreachExchange mailing list