Cracked Passwords For Millions Of Poshmark Accounts Being Sold Online

Dehashed login details for customers of Poshmark, an online marketplace for buying and selling used clothes and accessories, have been circulating online following the data breach a few months ago.

At the beginning of the year, Poshmark announced that it had 40 million community members. According to data breach platform Have I Been Pwned, login details of more than 36 million customers were acquired by an unauthorized party.

The data includes email addresses, hashed passwords, gender, geographic location, names, and usernames.

Experts Comments

September 04, 2019
Lisa Baergen
VP of Marketing
NuData Security
It was only a matter of time before the information from the Poshmark breach found its way on the Dark Web. The best way to mitigate those damages is to make information valueless to cybercriminals. Merchants can reduce the risk of fraudulent events by implementing technologies that identify customers by more than credentials, passcodes, and security questions. Taking a layered approach to security with advanced authentication that leverages the online behaviour of a consumer with technology.....Read More
It was only a matter of time before the information from the Poshmark breach found its way on the Dark Web. The best way to mitigate those damages is to make information valueless to cybercriminals. Merchants can reduce the risk of fraudulent events by implementing technologies that identify customers by more than credentials, passcodes, and security questions. Taking a layered approach to security with advanced authentication that leverages the online behaviour of a consumer with technology such as passive biometrics is key in successfully limiting the damage to both customers and merchants.  Read Less
September 04, 2019
Paul Bischoff
Privacy Advocate
Comparitech
Poshmark customers should change their account passwords immediately in case the passwords can be cracked. If they use the same password on any other accounts, they should change those passwords immediately as well. Hackers will try--if they haven't already--to use the passwords on other accounts associated with the same email on other sites and apps. Poshmark users should also be on the lookout for targeted phishing emails related to the company.

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.