Pre-IPO online fashion marketplace Poshmark announces data breach
By William Knowles @c4i
Senior Editor
InfoSec News
August 1, 2019
Poshmark, the largest social commerce marketplace for fashion alerted users on Thursday via email and their blog that “data from some Poshmark users was acquired by an unauthorized third party.”
“The data acquired does not include any financial or physical address information, and we do not believe your password was compromised.” Poshmark recommends that you change your password as a precaution and security best practice.”
According to Poshmark, Canadian users weren’t affected and this data breach was limited to U.S. users only.
The data that was stolen includes “certain user profile information specified for public use such as username, first and last name, gender, and city.” “Certain internal account information such as email address, user ID, size preferences, and one-way encrypted passwords salted uniquely per user (making it nearly impossible to use these passwords to access an account), as well as social media profile information collected when users connect social media accounts to Poshmark” and “Certain internal Poshmark preferences for email and push notifications”
The Poshmark security notice continues to say “We take the trust you have placed in us extremely seriously, and immediately upon learning of this incident, we expanded our security measures even further. We conducted an internal investigation and retained outside experts, including a leading security forensics firm. The security forensics firm we retained ran extensive testing designed to find vulnerabilities in our software and systems. After the testing, the firm reported that it did not find any material vulnerabilities. While our security was already strong, we have implemented enhanced security measures across all systems to help prevent this type of incident from happening in the future.”
How this data breach will affect Poshmark’s reported fall IPO is unclear, Poshmark has tapped Goldman Sachs Group Inc. and Morgan Stanley as its underwriters, according to the WSJ.
The Redwood City-based company was founded in 2011 by Manish Chandra, Tracy Sun, Gautam Golwala and Chetan Pungaliya and has raised about $153 million since its inception in 2011. Its last funding round, an $87.5 million Series E announced in November 2017, gave it a valuation of $600 million, according to its Crunchbase profile. Backers include Mayfield Fund , Menlo Ventures, Temasek Holdings, and GGV Capital.