Skip to main content

Poshmark Retailer Member Passwords Are Being Sold Online

By September 20, 2019May 16th, 2022Technology News

There is grim news for users of the online marketplace Poshmark, which is a thriving community where people buy and sell used clothing and other accessories.  Recently it has come to light that the login details of more than 36 million of the company’s 40 million members were acquired by an unauthorized third-party.  Worse, those details have been found for sale on the Dark Web.

The stolen data was fairly extensive and included each user’s username, real name, email address, gender, geographic location, and hashed password.  If there’s a silver lining to be found in the aftermath of the incident, it is the fact that Poshmark disclosed the breach promptly. They reported that they had used the bcrypt algorithm to hash user passwords, which makes it less likely, (though not impossible), for the hackers to actually gain access to those passwords.

Unfortunately, there appears to be steady demand for the Poshmark data.  Despite the fact that Poshmark did its part by protecting their members’ passwords with a strong hashing algorithm, the sad truth is that many users have bad password habits. Thus, the hackers reasoning, a majority of the passwords being protected are notoriously weak and those accounts may be able to be accessed via brute force methods.

This latest incident underscores three key points:

  • Anyone online should begin to develop better password habits immediately.
  • Anywhere two-factor authentication is available, it should also be used.
  • If you’re a Poshmark customer, you should change your password immediately.

These pieces of advice are no different today than they were when we talked about the last major breach, and they’ll be identical to the advice given when we talk about the next one.  The hackers won’t stop until and unless we make it not worth the effort.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.