StockX Faces Class Action Lawsuit After Data Breach Left Users' Information Exposed (UPDATE)

Filed in a US District Court.

By
Tech
23,374 Hypes 16 Comments

UPDATE (August 22, 2019): Weeks after StockX suffered a data breach that led to more than 6.8 million customer records being exposed, the online trading platform is now facing a class action lawsuit claiming that the stolen data has caused “irreparable harm.”

The current plaintiff is a minor from Kansas identified as “I.C.” who had his personal information stolen and subsequently sold by the hackers. His legal team says that the suit is being brought on behalf of all youth and minors affected by the incident. According to the filing: “Plaintiff and the class have been damaged in that plaintiff and the class spent time and will spend additional time in the future speaking with representatives, researching and monitoring accounts, researching and monitoring credit history, responding to identity theft incidents, purchasing identity protection, and suffering annoyance, interference, and inconvenience, as a result of the data breach.”

StockX has so far not issued any statement or comment on the lawsuit.

UPDATE (August 4, 2019): As reported by TechCrunch, the recent “suspicious activity” that prompted StockX to request password resets for its users may have been much more serious than initially reported. TechCrunch notes that “an unnamed data breached seller” claimed that over 6.8 million records were stolen from the site in May by hackers.

The seller, who declined to explain how they obtained the data, put that stolen information up for sale on the dark web for $300 USD, which has since been purchased. As proof, TechCrunch was allowed to peruse 1,000 of the stolen records as a sample, which was then confirmed by the website as being accurate. Stolen information includes names, email addresses, a scrambled password and details that range from shoe size to preferred currency to the user’s device type (i.e. Android or iPhone).

TechCrunch was unable to secure a comment from spokesperson Katy Cockrel nor StockX founder Josh Luber by publication on August 3, though the company did send an email to its users at 10:17 PM the same day. In it, StockX says it was “alerted to suspicious activity potentially involving customer data,” and it then “launched a comprehensive forensic investigation and engaged third-party data incident and forensic experts to assist.”

The results of the company’s ongoing investigation indicate “that an unknown third-party was able to gain access to certain customer data, including customer name, email address, shipping address, username, hashed passwords, and purchase history. From our investigation to date, there is no evidence to suggest that customer financial or payment information has been impacted.”

Read StockX’s entire email below.

Dear Customer,
StockX cares deeply about the privacy of our customers. In recent days, our company has discovered a data security issue, and we want to provide you with an update on this situation.
We were alerted to suspicious activity potentially involving customer data. Upon learning of the suspicious activity, we immediately launched a comprehensive forensic investigation and engaged third-party data incident and forensic experts to assist. Though our investigation remains ongoing, forensic evidence to date suggests that an unknown third-party was able to gain access to certain customer data, including customer name, email address, shipping address, username, hashed passwords, and purchase history. From our investigation to date, there is no evidence to suggest that customer financial or payment information has been impacted.
While conducting our forensic investigation into the suspicious activity, and out of an abundance of caution, we implemented immediate infrastructure changes to mitigate and address any potential effects of the suspicious activity. These infrastructure changes included:
-a system-wide security update;
-a full password reset of all customer passwords with an email to customers alerting them about resetting their passwords;
-high-frequency credential rotation on all servers and devices; and
-a lockdown of our cloud computing perimeter
We want you to know that we took these steps proactively and immediately, because we had just begun our investigation and did not yet know the nature, extent, or scope of suspicious activity to which we had been alerted. Though we had incomplete information, we felt a responsibility to act immediately to protect our customers while our investigation continued—and we took steps to do so.
As we investigate, StockX will continue to take additional measures, as needed, to protect the privacy of our customers. In the meantime, out of an abundance of caution, we recommend that if you use your StockX password for other accounts, you change those passwords as well.
Again, we take data security and privacy very seriously, and will continue to communicate with our customers and work hard to protect those who trust us with their shopping experience.


ORIGINAL STORY (August 2, 2019): StockX has been forced to email its users asking them to reset their password. The initial email sent to users explained that the move was due to “recently completed system updates,” although the online marketplace — which was recently valued at over $1 billion USD — released a statement to Engadget attributing the decision to “suspicious activity involving our platform.”

The statement goes on to add that the move came from “an abundance of caution” meaning that they “implemented a security update and proactively asked our community to update their passwords. We are continuing to investigate.” You can take a look at the full statement given to Engadget below.

In other tech news, Instagram recently completed a “meme purge.”

Read Full Article
Source
Engadget

Join Our Discussions on Discord

The HYPEBEAST Discord Server is a community where conversations on cultural topics can be taken further.

1000 Users Online

What to Read Next

THEY. Begin a New Artistic Era with "Stop Playin" Single
Music

THEY. Begin a New Artistic Era with "Stop Playin" Single

Much more new music is on the way.

Ezra Miller Confirms He's Still The Flash (UPDATE)
Entertainment

Ezra Miller Confirms He's Still The Flash (UPDATE)

The upcoming superhero film is reportedly set to have a darker approach.

Skippa Da Flippa, Young Thug & Murda Beatz Collide for "Move"
Music

Skippa Da Flippa, Young Thug & Murda Beatz Collide for "Move"

New heat from the down-south duo.


Benny the Butcher Drops New Video for "Took the Money to the Plug's House"
Music

Benny the Butcher Drops New Video for "Took the Money to the Plug's House"

A highlight of his most recent project.

Kano Drops New Single "Pan-Fried" off of Upcoming Album "HOODIES ALL SUMMER"
Music

Kano Drops New Single "Pan-Fried" off of Upcoming Album "HOODIES ALL SUMMER"

The artist will also go on tour accompanied by a full band.

Jack Harlow and Bryson Tiller Hit up the Roller Rink in "Thru the Night" Video
Music

Jack Harlow and Bryson Tiller Hit up the Roller Rink in "Thru the Night" Video

The Louisville natives link up on skates.

More ▾
 
Subscribe to our Newsletter

Gain access to exclusive interviews with industry creatives, think pieces, trend forecasts, guides and more.

By subscribing, you agree to our Terms of Use and Privacy Policy.

Help us serve you better

We appreciate your support in allowing HYPEBEAST ads, where we can share contents from the latest fashion, to those culturally relevant. In adding HYPEBEAST to your ad blocker's whitelist, ads on our sites will show while you continue to browse.