Marketplace for sneakers and collectibles.
In May 2019, an unauthorized third party accessed the cloud environment of sneaker/collectibles resale platform StockX, exposing ~6.8 million customer records including email addresses, names, physical addresses, purchase history, usernames, and salted MD5 password hashes. StockX initially issued a mass password reset framed as a "system update," which was later revealed to be a response to the breach; the data was subsequently sold on the dark web. A class-action lawsuit was later settled. The intrusion method was not definitively established.
ObscureIQ assessment: High risk of phishing, account takeover, fraud, and affluent-customer targeting. Transaction data can also reveal spending patterns and collectible or sneaker ownership.
The exposure of emails, names, addresses, purchase history, usernames, and salted MD5 passwords for 6.8 million customers enables credential-stuffing, targeted phishing, and doxxing; purchase history from a high-value resale platform can also reveal affluent buying patterns for targeting. The initial "system update" framing delayed user awareness.
StockX is a large online resale marketplace for sneakers, streetwear, and collectibles, known for authenticating high-demand limited items. It maintains customer account, contact, purchase, and payment-adjacent records.
Resale marketplaces collect buyer and seller identity, addresses, payment-adjacent records, transaction histories, device data, and item-specific trading activity across high-value commerce workflows.
In May 2019, an unauthorized third party accessed StockX's cloud environment. StockX initially prompted a mass password reset framed as a "system update," but it was later revealed to be a breach; the data was sold on the dark web. StockX faced a class-action lawsuit that was later settled.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
If you believe your information may be included:
In May 2019, an unauthorized third party accessed the cloud environment of sneaker/collectibles resale platform StockX, exposing ~6.8 million customer records including email addresses, names, physical addresses, purchase history, usernames, and salted MD5 password hashes. StockX initially issued a…
Verified fields include Email Address, Full Name, Password, Physical Address, Transaction History, Username.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation