September 5, 2019 - Last month, the online marketplace Poshmark announced a data breach that dated back to May of 2018. Now riskbasedsecurity.com's Breach Exchange mailing list is reporting that the user information of 36 million Poshmark users is for sale on the dark web. Although the company said in its announcement that users' passwords weren't at risk, according to Breach Exchange at least 1 million of the accounts for sale included accurate password data.
According to Poshmark, all passwords were encrypted. Additionally, the company apparently uses data unique to each user for every password. That's known as a unique encryption key, and in theory it should make the passwords nearly impossible to hack. Unfortunately, when Poshmark made the initial announcement of the data breach, it apparently also disclosed the encryption method. It appears that this gave hackers enough information to decrypt a large number of the passwords.
Because most people use the same password across multiple sites, any Poshmark user whose password is included in the stolen data is at heightened risk for identity theft and fraud. If the hackers can find additional sites where the same credentials are used, there is nothing preventing them from logging in to those sites.
In addition to passwords, the data breach includes information on first and last names, gender, city of residence and user names.
Anyone who has ever had an account on Poshmark is strongly advised to change their password on that site. And anyone who has used the same password on other sites should change the passwords on those other sites too.
According to Breach Exchange, the data is being sold for $750.
by Jim Malmberg