UPDATED: September 9, 2019
We announced on August 1, 2019 that data from some Poshmark users was acquired by an unauthorized third party. As a result, we recommended that all users change their passwords as a precaution and security best practice.
We recently became aware of claims stating that some Poshmark passwords were compromised, and we believe that may have resulted from security incidents affecting other sites and the reuse of passwords. Therefore, out of an abundance of caution, as of today we’ll be requiring anyone who has not yet reset their password since August 1, 2019 to do so at login. In addition, we’re fortifying our password hashing even further across the platform.
We take your security extremely seriously and are committed to continuing to strengthen our platform.
August 1, 2019
We recently discovered that data from some Poshmark users was acquired by an unauthorized third party.
The data acquired does not include any financial or physical address information, and we do not believe your password was compromised. Regardless, we recommend that you change your password as a precaution and security best practice.
The type of data involved includes:
- Certain user profile information specified for public use such as username, first and last name, gender, and city
- Certain internal account information such as email address, user ID, size preferences, and one-way encrypted passwords salted uniquely per user (making it nearly impossible to use these passwords to access an account), as well as social media profile information collected when users connect social media accounts to Poshmark
- Certain internal Poshmark preferences for email and push notifications
We take the trust you have placed in us extremely seriously, and since learning of this incident, we’ve expanded our security measures even further. We’ve conducted an internal investigation, retained a leading security forensics firm, and have implemented enhanced security measures across all systems to help prevent this type of incident from happening in the future.
Poshmark is a platform built on love and transparency, and we’re committed to serving you, and our entire community, every step of the way. You are the core of our business, and without you, we wouldn’t be the community we are today. We sincerely regret any concern this may cause you, and we’re here to answer any questions you may have.
For more info, please see our FAQ or contact firstname.lastname@example.org.
2 thoughts on “Important Security Notice from Poshmark”