Chances are high that if you’ve resold clothes online any time recently (or bought them second-hand), you’ve done so on Poshmark. Unfortunately, it’s also the latest company to suffer a data breach.
Here’s their reset password page—you all know the drill by now.
“We recently discovered that data from some Poshmark users was acquired by an unauthorized third party,” the company wrote in a blog post yesterday. While passwords were stored in a hashed form, making them harder to decrypt, it’s recommended the site’s users reset their passwords regardless as a precaution.
As Motherboard first reported, usernames, legal names, genders, locations, clothing size preferences, and email addresses were among the exfiltrated data. Users who logged in through a social media account may have had their profile information stolen as well. Unlike, say, the disastrous Capital One breach earlier this week, Poshmark users’ financial data is not believed to be compromised
“We’ve conducted an internal investigation, retained a leading security forensics firm, and have implemented enhanced security measures across all systems to help prevent this type of incident from happening in the future,” the company wrote. The company has not made any public conclusions yet as to who is responsible for the breach or how many of Poshmark’s 40 million users were affected.