Poshmark, an online marketplace for buying and selling clothes, has reported a data breach.
The company disclose in a brief blog post that user profile information, including names and usernames, gender and city data was taken by an unauthorized third party.
Poshmark it used the bcrypt hashing algorithm to scramble the passwords one of the stronger algorithms available.
Email addresses, size preferences and scrambled passwords were also taken but financial data and physical address information was not compromised.
Source: https://techcrunch.com/2019/08/01/poshmark-confirms-data-breach/
TPRM report: https://scoringcyber.rankiteo.com/company/poshmark
"id": "pos2527423",
"linkid": "poshmark",
"type": "Breach",
"date": "08/2019",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'E-commerce',
'name': 'Poshmark',
'type': 'Online Marketplace'}],
'data_breach': {'data_encryption': 'bcrypt hashing algorithm',
'data_exfiltration': True,
'personally_identifiable_information': ['names',
'usernames',
'gender',
'city data',
'email addresses'],
'type_of_data_compromised': ['names',
'usernames',
'gender',
'city data',
'email addresses',
'size preferences',
'scrambled passwords']},
'description': 'Poshmark, an online marketplace for buying and selling '
'clothes, reported a data breach where user profile '
'information, including names, usernames, gender, city data, '
'email addresses, size preferences, and scrambled passwords, '
'was taken by an unauthorized third party. Financial data and '
'physical address information were not compromised.',
'impact': {'data_compromised': ['names',
'usernames',
'gender',
'city data',
'email addresses',
'size preferences',
'scrambled passwords']},
'references': [{'source': 'Poshmark Blog Post'}],
'threat_actor': 'Unauthorized third party',
'title': 'Poshmark Data Breach',
'type': 'Data Breach'}