Support Local Journalism. Join the Cleveland Scene Press Club.

Monday, August 5, 2019

Data Breach by Dan Gilbert-Founded Online Sneaker Marketplace StockX Exposed Millions of Customers' Data

Posted By on Mon, Aug 5, 2019 at 2:25 PM

  • Daniel J Macy/Shutterstock

StockX, a Detroit-based online marketplace for sneakers, experienced a data breach — and the breach may have exposed its customers’ personal information.

The company said in a message on its website on Monday that it launched a forensic investigation following the incident.

“Though our investigation remains ongoing, forensic evidence to date suggests that an unknown third party was able to gain access to certain customer data, including customer name, email address, shipping address, username, hashed passwords, and purchase history," the company said in the message.

TechCrunch reported that on Thursday, StockX asked customers to reset their password, but cited the reason for the password update as "system updates" and did not initially provide further information. TechCrunch further reported that an unnamed data breach seller contacted TechCrunch and said the breach happened back in May and affects 6.8 million users. The seller provided TechCrunch with a sample of customers data, and when TechCrunch contacted some customers to confirm whether the information was correct, the customers said it was. The seller apparently put the data on sale for $300 on a dark web listing, and at the time of TechCrunch's reporting, one person had bought the data.

"The stolen data contained names, email addresses, scrambled password (believed to be hashed with the MD5 algorithm and salted), and other profile information — such as shoe size and trading currency," TechCrunch reported. "The data also included the user’s device type, such as Android or iPhone, and the software version."

Though the breach reportedly occurred in May, according to TechCrunch, it is unclear when StockX learned about it. However, StockX said "upon learning of the suspicious activity, we immediately launched a comprehensive forensic investigation and engaged third-party data incident and forensic experts to assist." The company said it launched a system-wide security update and reset passwords for all customers, along with other steps to strengthen security.

“In the meantime, out of an abundance of caution, we recommend that if you use your StockX password for other accounts, you change those passwords as well,” the company said in its statement.

StockX was founded in 2015 by Dan Gilbert, Greg Schwartz, Josh Luber, and Chris Kaufman. It authenticates products before reselling them, and deals primarily in the resale of sneakers — though it also sells streetwear, handbags, and watches.

Tags: , ,

We welcome readers to submit letters regarding articles and content in Cleveland Scene. Letters should be a minimum of 150 words, refer to content that has appeared on Cleveland Scene, and must include the writer's full name, address, and phone number for verification purposes. No attachments will be considered. Writers of letters selected for publication will be notified via email. Letters may be edited and shortened for space.

Email us at [email protected].

Support Local Journalism.
Join the Cleveland Scene Press Club

Local journalism is information. Information is power. And we believe everyone deserves access to accurate independent coverage of their community and state. Our readers helped us continue this coverage in 2020, and we are so grateful for the support.

Help us keep this coverage going in 2021. Whether it's a one-time acknowledgement of this article or an ongoing membership pledge, your support goes to local-based reporting from our small but mighty team.

Join the Cleveland Scene Press Club for as little as $5 a month.

Read the Digital Print Issue

January 5, 2022

View more issues


Never miss a beat

Sign Up Now

Subscribe now to get the latest news delivered right to your inbox.


© 2022 Cleveland Scene: 737 Bolivar Rd., Suite 4100, Cleveland, OH 44115, (216) 505-8199
Logos and trademarks on this site are property of their respective owners.

Website powered by Foundation