Last week media reported the hack of
Now a dump containing 6,840,339 unique StockX user accounts surfaced in the cybercrime underground.
The database is offered for sale in hacking forums, hackers claim to have begun to decrypt the passwords. The archive was discovered by the security researcher Jim Scott, the same expert that helped Have I Been Pwned to find a CafePress dump circulating
Scott found the archive was initially offered for sale on the Apollon marketplace for $300.
How to check if your account has
Users can check if their emails were part of the breach by querying the service Have I Been Pwned website that received the dump from the password crashing site Dehashed.com. The archive includes 6,840,339 records containing “unique email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes”.
According to BleepingComputer, the archive is currently distributed on underground hacker forums for as little as $2.15.
Experts believe that threat actors, once decrypted all the passwords, will start targeting StockX users.
BleepingComputer reporter the case of a hacker that is claiming to have decrypted 367,000 accounts from the dump, is selling them for $400.
StockX announced to have implemented some changes to its infrastructure to mitigate the suspicious activity. These infrastructure changes included: