Poshmark reveals a data breach | The comparison

The Poshmark online clothing marketplace, which allows North American users to buy and sell new or used clothing, footwear and accessories, has disclosed a data breach.

According to the company, an unauthorized party was able to access their servers and steal user information, including their usernames, hashed passwords, first and last names, gender, and city of residence.

Users who connected their social media accounts to Poshmark also saw their clothing size preferences, emails, and social media profile information stolen by the attackers.

While users' hashed passwords were stolen in the breach, Poshmark uses a one-way hashing algorithm to encode passwords, and the company also randomly salted passwords on a per-user basis, making it nearly impossible to use the stolen passwords to access an account.

Poshmark data breach

The perpetrators of the data breach also managed to obtain certain internal Poshmark account preferences, which the company uses to send email, browser and mobile push notifications.

The online marketplace did not reveal when the breach occurred or when it was first discovered. However, Poshmark stated that the hackers had not obtained financial data or physical addresses.

In a security advisory, the company explained its action plan as a result of the breach, in these terms:

"We conducted an internal investigation and hired the services of external experts, including a major forensic security firm. The forensic security firm we hired conducted extensive tests designed to detect vulnerabilities in our software and systems. After testing, the company indicated that it found no significant vulnerabilities. While our security was already strong, we implemented enhanced security measures across all systems to prevent this type of incident from happening again."

Poshmark is now notifying all affected customers by email and, thankfully, none of its Canadian users have been affected by the breach.

Via ZDNet