Last week media reported the hack of
Now a dump containing 6,840,339 unique StockX user accounts surfaced in the cybercrime underground.
The database is offered for sale on hacking forums, and hackers claim to have begun cracking the passwords. The archive was discovered by the security researcher Jim Scott, the same expert who helped Have I Been Pwned find a CafePress dump circulating
Scott found the archive was initially offered for sale on the Apollon marketplace for $300.
How to check if your account has
Users can check whether their email addresses were part of the breach by querying the Have I Been Pwned service, which received the dump from the password cracking site Dehashed.com. The archive includes 6,840,339 records containing “unique email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes”.
According to BleepingComputer, the archive is currently distributed on underground hacker forums for as little as $2.15.
Experts believe that threat actors, once they have cracked all the passwords, will start targeting StockX users.
BleepingComputer reported the case of a hacker who claims to have cracked 367,000 accounts from the dump and is selling them for $400.
StockX announced that it has implemented some changes to its infrastructure to mitigate the suspicious activity. These infrastructure changes included: