Join the Cleveland Scene Press Club. Because No News is Bad News.

Monday, August 5, 2019

Data Breach by Dan Gilbert-Founded Online Sneaker Marketplace StockX Exposed Millions of Customers' Data

Posted By on Mon, Aug 5, 2019 at 2:25 PM

  • Daniel J Macy/Shutterstock

StockX, a Detroit-based online marketplace for sneakers, experienced a data breach — and the breach may have exposed its customers’ personal information.

The company said in a message on its website on Monday that it launched a forensic investigation following the incident.

“Though our investigation remains ongoing, forensic evidence to date suggests that an unknown third party was able to gain access to certain customer data, including customer name, email address, shipping address, username, hashed passwords, and purchase history," the company said in the message.

TechCrunch reported that on Thursday, StockX asked customers to reset their password, but cited the reason for the password update as "system updates" and did not initially provide further information. TechCrunch further reported that an unnamed data breach seller contacted TechCrunch and said the breach happened back in May and affects 6.8 million users. The seller provided TechCrunch with a sample of customers data, and when TechCrunch contacted some customers to confirm whether the information was correct, the customers said it was. The seller apparently put the data on sale for $300 on a dark web listing, and at the time of TechCrunch's reporting, one person had bought the data.

"The stolen data contained names, email addresses, scrambled password (believed to be hashed with the MD5 algorithm and salted), and other profile information — such as shoe size and trading currency," TechCrunch reported. "The data also included the user’s device type, such as Android or iPhone, and the software version."

Though the breach reportedly occurred in May, according to TechCrunch, it is unclear when StockX learned about it. However, StockX said "upon learning of the suspicious activity, we immediately launched a comprehensive forensic investigation and engaged third-party data incident and forensic experts to assist." The company said it launched a system-wide security update and reset passwords for all customers, along with other steps to strengthen security.

“In the meantime, out of an abundance of caution, we recommend that if you use your StockX password for other accounts, you change those passwords as well,” the company said in its statement.

StockX was founded in 2015 by Dan Gilbert, Greg Schwartz, Josh Luber, and Chris Kaufman. It authenticates products before reselling them, and deals primarily in the resale of sneakers — though it also sells streetwear, handbags, and watches.

Tags: , ,

We welcome readers to submit letters regarding articles and content in Cleveland Scene. Letters should be a minimum of 150 words, refer to content that has appeared on Cleveland Scene, and must include the writer's full name, address, and phone number for verification purposes. No attachments will be considered. Writers of letters selected for publication will be notified via email. Letters may be edited and shortened for space.

Email us at

Cleveland Scene works for you, and your support is essential.

Our small but mighty local team works tirelessly to bring you high-quality, uncensored news and cultural coverage of Cleveland and beyond.

Unlike many newspapers, ours is free – and we'd like to keep it that way, because we believe, now more than ever, everyone deserves access to accurate, independent coverage of their community.

Whether it's a one-time acknowledgement of this article or an ongoing pledge, your support helps keep Cleveland's true free press free.

Read the Digital Print Issue

September 23, 2020

View more issues


Never miss a beat

Sign Up Now

Subscribe now to get the latest news delivered right to your inbox.