TC verified the claims by contacting people from a sample of 1,000 records using information only they would know.

While the intruders don't appear to have taken particularly sensitive info, like payment cards, it's still a significant breach -- especially when the seller intends to make the data available through the dark web. It also raises questions as to why StockX alerted users to password resets without explaining what had happened or the extent to which users' data was at risk. Simply put, victims didn't know how large the problem really was.

Update (8/3/19, 10:45PM ET): StockX has confirmed to Engadget that it suffered a data breach. Below is the full statement from the company.