StockX a sneaker resale market based in Detroit, MI sent an email on August 1st to its users saying - “We recently completed system updates on the StockX platform” with a link to a password reset page.
After some outrage about how unusual it is for companies to reset users passwords and how they went about doing it, prompted StockX to announce the data breach on August 3rd on their blog. On August 5th, Techrunch’s Zack Whittacker posted on twitter saying StockX 6.0M user records were being sold on dark web for the second time.
It is not clear as to why StockX messed up the communication of this breach the first time around. It does not look good on a company to not read users with respect. To save face from this, StockX is offering users free fraud detection and identity threat protection via ID Experts. You can enroll here by November 8, 2019.
We have helped several hundreds of users delete their StockX accounts after the breach. If you are a StockX user, you should absolutely take this free monitoring service. StockX may not be out of the woods yet. Under Europe’s GDPR rules, they can be fine 10M euros or up to 4% of global annual revenue for such violations.