6.8M records stolen in hack of sneaker trading site StockX
Venture capital-backed sneaker trading site StockX Inc. is the latest to be hacked, with the records of 6.8 million customers stolen.
The hack was originally covered up with StockX pushing out a password reset to customers as part of a “system update” on Thursday. But the company confessed on Sunday that it had what it describes as a “data security issue.”
The data stolen is said to include customer name, email address, shipping address, username, hashed password and purchase history. The company said no financial or payment information had been stolen.
Details of the hack remain unknown. But TechCrunch, which said it was contacted by an “unnamed data breach seller,” reported that the hack took place in May and the records were available to be purchased for $300 on the dark web, a shady part of the internet reachable with special software.
The fact that StockX attempted to cover it up raises not only ethical concerns but legal ones as well. The company is based in Detroit but offers a global platform that includes customers in the European Union. That means StockX is subject to the EU’s General Data Protection Regulation.
The regulation includes fines for companies not taking proper care to prevent hacking as well as a requirement to disclose details of a hack with 72 hours of its discovery. The fact that StockX not only failed to disclose the hack but actively tried to cover it up initially could attract attention when the EU Privacy Commissioner starts to investigate the case.
The only real question for StockX is: How big will their GDPR fine be? The regulation allows for a fine of up to 4 percent of global revenues. StockX’s revenue figure isn’t public, but the company has found success in its sneaker and related items e-commerce model. It has raised $160 million in venture capital to date from a list of well-known VC firms, including DST Global, General Atlantic and GGV Capital.
News of StockX’s hack comes off a busy week in hacking news led by Capital One Financial Corp. The Entertainment Software Association, known for its E3 conference, also experienced a “data leak” this week, with the records of more than 2,000 journalists stolen.
Image: StockX
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU