Hackers have breached Poshmark, a popular online marketplace for used clothing, and stolen customer information. The looted data includes customers' full names, genders, cities, email addresses, linked social media profiles, and account passwords—but in a hashed cryptographic form.

"The data acquired does not include any financial or physical address information, and we do not believe your password was compromised," Poshmark said in a blog post. "Regardless, we recommend that you change your password as a precaution and security best practice."

Poshmark says the stolen passwords will be hard to crack because hashing them essentially scrambles the login information into an unreadable format. For further protection, Poshmark also "salted" the passwords by adding some random data that is saved with each hashed password.

In response to the breach, Poshmark said: "We've conducted an internal investigation, retained a leading security forensics firm, and have implemented enhanced security measures across all systems to help prevent this type of incident from happening in the future," the company said.

The breach only ensnared US-based users, not those in Canada. The company's platform currently has more than 40 million members.

Who was behind the intrusion and how the data was stolen isn't clear. Poshmark merely said a forensic firm examined the company's IT systems and found no "material vulnerabilities."

Due to the breach, the company is telling users to be on guard against phishing emails, especially those that pretend to come from Poshmark. "Be aware that Poshmark would not ask for personal information such as your login information or password in email communications," it said. "If an email you received asks you for this information, the email was not sent by Poshmark and may be an attempt to steal your personal data."

Further Reading

Security Reviews