Last week, online sneaker marketplace StockX disclosed a major data breach that originally took place in May.
The breach had exposed names, email addresses, shipping addresses, usernames, shoe sizes, hashed passwords, and purchase histories of about 6.8 million customers.
According to Bleeping Computer, the stolen data is now being sold online on dark web.
A report by TechCrunch published on August 3 revealed how an unnamed data breach seller had reached out to the publication without saying where or how they obtained the data, and noted the data had a price tag of $300 on a dark web listing.
To see if you’re among those impacted, head to Troy Hunt’s data breach site Have I been Pwned, which added the stolen database over the weekend. To avoid bad actors from exploiting this information to stage credential stuffing attacks, you should immediately consider changing your passwords.
And here’s the @StockX data being sold on the dark web. According to the listing, it’s worth about $300 and it’s already been sold to one person. (We’re not linking to the listing.) pic.twitter.com/6YpEJATEQR
— Zack Whittaker (@zackwhittaker) August 3, 2019
As a compensation, it’s offering 12 months of free fraud detection and identity theft protection to all affected customers.