On Thursday, Poshmark, an online marketplace, reported a breach in their database, which resulted in the data being acquired by an undisclosed third party.
Poshmark, which calls itself the ‘largest social marketplace for fashion’, says that the data acquired by the third-party during the breach does not include financial or location information. It’s important to note that the company is unsure if the passwords of the users were compromised and hence have recommended a change of passwords as a precautionary measure.
What data was compromised and who was affected?
According to the company, the breached data consisted of profile information such as username, alongwith the name, gender and city info of users. In addition, the internal account information that included email address, user ID, size preferences and encrypted passwords, were also stolen. However, the company also mentions that since these passwords are salted uniquely for every user, gaining access to accounts via them is nearly impossible.
Poshmark hasn’t specified the number of user’s affected by the breach and whether any seller accounts have been affected. They believe that the accounts of users in US were affected and these users are being notified by the company via email and will also see a notification in their app.
The company also stated that the internal preferences such as email and push notifications were breached too. The company is currently conducting an internal investigation.
“We take the trust you have placed in us extremely seriously, and since learning of this incident, we’ve expanded our security measures even further. We’ve conducted an internal investigation, retained a leading security forensics firm, and have implemented enhanced security measures across all systems to help prevent this type of incident from happening in the future,” Poshmark stated in a blog post.