Customer data leaked from StockX, the overseas platform for sneakers and streetwear! Change your password soon
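StockX, the popular overseas platform for sneakers, streetwear, watches, handbags and accessories founded in 2016 by American sneaker collector Josh Luber, has reportedly been hacked, with the customer data of about 6.8 million people leaked.
StockX is more than a sneaker resale site: it also serves as a benchmark for market prices, and because professional authenticators inspect every item and only genuine goods are handled, the service is popular with sneakerheads not only overseas but also in Japan.
Many readers of this site probably use it or have registered an account. At this point there appears to be no direct harm to users, but there are also reports that the customer data is being sold on the dark web.
As a precaution, change your password, and if you use the same password on any other sites, keep an eye on those as well.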
The text of the email from StockX follows.
Dear Customer,
StockX cares deeply about the privacy of our customers. In recent days, our company has discovered a data security issue, and we want to provide you with an update on this situation.
We were alerted to suspicious activity potentially involving customer data. Upon learning of the suspicious activity, we immediately launched a comprehensive forensic investigation and engaged third-party data incident and forensic experts to assist. Though our investigation remains ongoing, forensic evidence to date suggests that an unknown third-party was able to gain access to certain customer data, including customer name, email address, shipping address, username, hashed passwords, and purchase history. From our investigation to date, there is no evidence to suggest that customer financial or payment information has been impacted.
While conducting our forensic investigation into the suspicious activity, and out of an abundance of caution, we implemented immediate infrastructure changes to mitigate and address any potential effects of the suspicious activity. These infrastructure changes included:
- a system-wide security update;
- a full password reset of all customer passwords with an email to customers alerting them about resetting their passwords;
- high-frequency credential rotation on all servers and devices; and
- a lockdown of our cloud computing perimeter
We want you to know that we took these steps proactively and immediately, because we had just begun our investigation and did not yet know the nature, extent, or scope of suspicious activity to which we had been alerted. Though we had incomplete information, we felt a responsibility to act immediately to protect our customers while our investigation continued—and we took steps to do so.
As we investigate, StockX will continue to take additional measures, as needed, to protect the privacy of our customers. In the meantime, out of an abundance of caution, we recommend that if you use your StockX password for other accounts, you change those passwords as well.
Again, we take data security and privacy very seriously, and will continue to communicate with our customers and work hard to protect those who trust us with their shopping experience.
Sincerely,
The StockX Team