In a recently reported data breach, Poshmark said it recently learned that an unauthorized third party acquired data from some users. The fashion marketplace company said the information does not include physical addresses or financial data, according to a web post.
The company said in the post, “We take the trust you have placed in us extremely seriously, and since learning of this incident, we’ve expanded our security measures even further. We’ve conducted an internal investigation, retained a leading security forensics firm, and have implemented enhanced security measures across all systems to help prevent this type of incident from happening in the future.”
Data involved in the breach includes user profile information specified for public use like first and last name, gender, city and user name. Other data includes internal Poshmark preferences for push as well as email notifications. Data also includes internal account information like size preferences, email address, user ID and one-way encrypted passwords salted uniquely per user, which the company says makes it “nearly impossible to use these passwords to access an account.”
The company also noted in the post, “Poshmark is a platform built on love and transparency, and we’re committed to serving you, and our entire community, every step of the way. You are the core of our business, and without you, we wouldn’t be the community we are today. We sincerely regret any concern this may cause you, and we’re here to answer any questions you may have.”
Poshmark, which started in 2011 and is California-based, lets consumers try to sell unwanted belongings or to purchase products from other users. The firm said last May that sellers had earned $1 billion since its inception. And Poshmark has taken in nearly $160 million in funding. The platform recently expanding into home décor such as candles, pillows and wall art as well as smaller home goods.