Email This Post Email This Post

Mobile App Poshmark Hit by Data Breach

Poshmark
Mobile App Poshmark Hit by Data Breach

Poshmark reported a data breach on Thursday. The mobile app described which information it believes was acquired by “an unauthorized third party,” and which information it believes was not obtained.

Poshmark said it did not believe passwords were compromised, but recommended users change their passwords “as a precaution and security best practice.”

However, user information that was impacted includes “Certain user profile information specified for public use such as username, first and last name, gender, and city,” as well as certain email addresses, size preferences, and social media profile information.

As Lisa Baergen, VP of Marketing for NuData Security, a Mastercard company, pointed out, even if hackers don’t get passwords or credit card data, any information is useful for an attacker to put together a profile on the impacted people.

“The attacker can then use the profile to create new accounts online or offline under an assumed identity,” she said. “They can launch phishing or social engineering attacks with an increased success rate that enable the attacker to take over accounts.”

Sponsored Link

Poshmark announcement follows:

Important Security Notice from Poshmark
August 1, 2019

We recently discovered that data from some Poshmark users was acquired by an unauthorized third party.

The data acquired does not include any financial or physical address information, and we do not believe your password was compromised. Regardless, we recommend that you change your password as a precaution and security best practice.

The type of data involved includes:

Certain user profile information specified for public use such as username, first and last name, gender, and city

Certain internal account information such as email address, user ID, size preferences, and one-way encrypted passwords salted uniquely per user (making it nearly impossible to use these passwords to access an account), as well as social media profile information collected when users connect social media accounts to Poshmark

Certain internal Poshmark preferences for email and push notifications

We take the trust you have placed in us extremely seriously, and since learning of this incident, we’ve expanded our security measures even further. We’ve conducted an internal investigation, retained a leading security forensics firm, and have implemented enhanced security measures across all systems to help prevent this type of incident from happening in the future.

Poshmark is a platform built on love and transparency, and we’re committed to serving you, and our entire community, every step of the way. You are the core of our business, and without you, we wouldn’t be the community we are today. We sincerely regret any concern this may cause you, and we’re here to answer any questions you may have.

For more info, please see our FAQ or contact support@poshmark.com.

SOURCE: Poshmark Blog Post

Ina Steiner on EmailIna Steiner on LinkedinIna Steiner on Twitter
Ina Steiner
Ina Steiner
Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. She's a widely cited authority on marketplace selling and is author of "Turn eBay Data Into Dollars" (McGraw-Hill 2006). Her blog was featured in the book, "Blogging Heroes" (Wiley 2008). Follow her on Twitter at @ecommercebytes and send news tips to ina@ecommercebytes.com.