On Saturday, TechCrunch revealed popular sneaker marketplace StockX experienced a significant data breach that potentially affected millions of users. The publication’s disclosure follows a mass email the firm sent out on Thursday asking customers to reset their passwords.
At the time, the startup claimed it made the request as a result of the system update. But the company has since confirmed that unauthorized users have compromised its system.
Data Breach Discovery
After sending out its email blast, a StockX representative told TechCrunch it initiated the mass reset after detecting “suspicious activity” on its site. However, at that point, the firm didn’t respond to the publication’s (or customers’) requests for further information. Subsequently, an unknown party contacted the blog regarding the marketplace’s digital infrastructure.
The unnamed individual claimed a hacker breached StockX’s systems in May and stole information on 6.8 million users. Furthermore, the mysterious party also claimed to be selling the platform’s user data for $300 on the dark web. The seller provided TechCrunch with 1,000 sample profiles, which the publication verified as being real.
The stolen StockX data included usernames, email addresses, encrypted passwords, device data, and shoe sizes.
On August 3, the startup published a blog post addressing its cybersecurity situation. In it, the company acknowledged a hack had compromised its servers, but it also stated users’ payment information had not been accessed. The firm also said that it acted immediately upon learning about the data breach and that its investigation is still ongoing.
A Brand on the Rise
Founded in 2015, StockX has established itself as one of the most promising startups in the e-commerce sector. The company began its life as a marketplace where high-end sneaker aficionados could buy and sell their shoes. However, the firm distinguishes itself from the likes of eBay by offering verification service for products sold on its platform.
As the counterfeit goods industry is worth $461 million, StockX’s services make it invaluable to the legal sneaker resale market. Indeed, CrunchBase estimates the startup generates $14.2 million a year in revenue. The firm has since expanded its offerings to include luxury watches, bags, and streetwear.
Another unique attribute of StockX is that it treats its commodities like actual stock. Visitors can chart the value of the latest Bathing Ape, Nike, and Ralph Lauren gear in real-time.
Having become the predominant brand within its field, the startup has also attracted the attention of some high-profile investors. In July, the firm raised $110 million in Series C funding from GVV Capital (Airbnb), General Atlantic (Wish), and DST Global (DoorDash). As such, analyst’s value the firm lifestyle marketplace at $1 billion.
Unfortunately, the brand’s remarkable rise may be derailed. In terms of hard costs, StockX has the resources to endure a data breach. IBM’s 2019 Data Breach report found the average expense of a system compromise is $3.92 million. However, the company may find the real damage the hack incurred is in its brand perception.
At this point, StockX’s future viability comes down to how the firm’s leadership positions the leak; as a disaster or just a bump in the road.