Venture capital-backed sneaker trading site StockX Inc. is the latest to be hacked, with the records of 6.8 million customers stolen.As per siliconangle.
Apparel and shoe trading marketplace StockX was reportedly hacked, allegedly exposing sensitive information of more than 6.8 million users worldwide, TechCrunch reported on 3rd August.
The hack was originally covered up with StockX pushing out a password reset to customers as part of a “system update” on Thursday. But the company confessed on Sunday that it had what it describes as a “data security issue.”
The data stolen is said to include customer name, email address, shipping address, username, hashed password and purchase history. The company said no financial or payment information had been stolen.
Details of the hack remain unknown. But TechCrunch, which said it was contacted by an “unnamed data breach seller,” reported that the hack took place in May and the records were available to be purchased for $300 on the dark web, a shady part of the internet reachable with special software.
The fact that StockX attempted to cover it up raises not only ethical concerns but legal ones as well. The company is based in Detroit but offers a global platform that includes customers in the European Union. That means StockX is subject to the EU’s General Data Protection Regulation.
The regulation includes fines for companies not taking proper care to prevent hacking as well as a requirement to disclose details of a hack with 72 hours of its discovery. The fact that StockX not only failed to disclose the hack but actively tried to cover it up initially could attract attention when the EU Privacy Commissioner starts to investigate the case.
The only real question for StockX is: How big will their GDPR fine be? The regulation allows for a fine of up to 4 percent of global revenues. StockX’s revenue figure isn’t public, but the company has found success in its sneaker and related items e-commerce model. It has raised $160 million in venture capital to date from a list of well-known VC firms, including DST Global, General Atlantic and GGV Capital.
News of StockX’s hack comes off a busy week in hacking news led by Capital One Financial Corp. The Entertainment Software Association, known for its E3 conference, also experienced a “data leak” this week, with the records of more than 2,000 journalists stolen.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
