Watch out, your StockX account details may be available in crime forums

Pierluigi Paganini August 12, 2019

Researchers discovered a dump containing 6,840,339 records associated with StockX user accounts that surfaced in the cybercrime underground.

Last week, media reported the hack of StockX, the fashion and sneaker trading platform. A threat actor stole the details of 6 million users; the stolen data includes user names, email addresses, addresses, shoe size, purchase history, and hashed passwords (salted MD5).

Now a dump containing 6,840,339 unique StockX user accounts has surfaced in the cybercrime underground.

The database is offered for sale on hacking forums, and hackers claim to have begun cracking the passwords. The archive was discovered by the security researcher Jim Scott, the same expert who helped Have I Been Pwned find a CafePress dump circulating in the underground.

Scott found the archive was initially offered for sale on the Apollon marketplace for $300.

How to check if your account has been compromised?

The set of emails involved in the StockX data breach was uploaded to the data breach notification service Have I Been Pwned.

Users can check whether their email addresses were part of the breach by querying the Have I Been Pwned website, which received the dump from the password cracking site Dehashed.com. The archive includes 6,840,339 records containing “unique email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes”.

According to BleepingComputer, the archive is currently distributed on underground hacker forums for as little as $2.15.

Experts believe that threat actors, once they have cracked all the passwords, will start targeting StockX users.

BleepingComputer reported the case of a hacker who claims to have cracked 367,000 accounts from the dump and is selling them for $400.

StockX users who reused their password on other sites should change it on all of them as soon as possible to prevent credential stuffing attacks.

StockX announced that it has implemented some changes to its infrastructure to mitigate the suspicious activity. These infrastructure changes included:

  1. a system-wide security update;
  2. a full password reset of all customer passwords with an email to customers alerting them about resetting their passwords; 
  3. high-frequency credential rotation on all servers and devices; and
  4. a lockdown of our cloud computing perimeter

Pierluigi Paganini

(SecurityAffairs – StockX, hacking)
