Dehashed login details for customers of Poshmark, an online marketplace for buying and selling used clothes and accessories, have been circulating online following the data breach a few months ago.
At the beginning of the year, Poshmark announced that it had 40 million community members. According to data breach platform Have I Been Pwned, login details of more than 36 million customers were acquired by an unauthorized party.
The data includes email addresses, hashed passwords, gender, geographic location, names, and usernames.
It was only a matter of time before the information from the Poshmark breach found its way on the Dark Web. The best way to mitigate those damages is to make information valueless to cybercriminals. Merchants can reduce the risk of fraudulent events by implementing technologies that identify customers by more than credentials, passcodes, and security questions. Taking a layered approach to security with advanced authentication that leverages the online behaviour of a consumer with technology such as passive biometrics is key in successfully limiting the damage to both customers and merchants.
Poshmark customers should change their account passwords immediately in case the passwords can be cracked. If they use the same password on any other accounts, they should change those passwords immediately as well. Hackers will try–if they haven\’t already–to use the passwords on other accounts associated with the same email on other sites and apps. Poshmark users should also be on the lookout for targeted phishing emails related to the company.