Cracked Passwords For Millions Of Poshmark Accounts Being Sold Online

Dehashed login details for customers of Poshmark, an online marketplace for buying and selling used clothes and accessories, have been circulating online following the data breach a few months ago.

At the beginning of the year, Poshmark announced that it had 40 million community members. According to data breach platform Have I Been Pwned, login details of more than 36 million customers were acquired by an unauthorized party.

The data includes email addresses, hashed passwords, gender, geographic location, names, and usernames.

Subscribe
Notify of
guest
2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Lisa Baergen
Lisa Baergen , VP of Marketing
InfoSec Expert
September 4, 2019 12:43 pm

It was only a matter of time before the information from the Poshmark breach found its way on the Dark Web. The best way to mitigate those damages is to make information valueless to cybercriminals. Merchants can reduce the risk of fraudulent events by implementing technologies that identify customers by more than credentials, passcodes, and security questions. Taking a layered approach to security with advanced authentication that leverages the online behaviour of a consumer with technology such as passive biometrics is key in successfully limiting the damage to both customers and merchants.

Last edited 3 years ago by Lisa Baergen
Paul Bischoff
Paul Bischoff , Privacy Advocate
InfoSec Expert
September 4, 2019 12:41 pm

Poshmark customers should change their account passwords immediately in case the passwords can be cracked. If they use the same password on any other accounts, they should change those passwords immediately as well. Hackers will try–if they haven\’t already–to use the passwords on other accounts associated with the same email on other sites and apps. Poshmark users should also be on the lookout for targeted phishing emails related to the company.

Last edited 3 years ago by Paul Bischoff
2
0
Would love your thoughts, please comment.x
()
x