Poshmark Data Breach
Poshmark Fashion Resale Marketplace Breach (2018): 36 Million User Accounts Including Passwords Exposed
Social commerce marketplace for fashion.
Risk Interpretation
Exposure enables phishing, seller impersonation, order fraud, and account abuse. Social-commerce activity can also reveal spending habits and personal style preferences.
Impact & Downstream Threats
In mid-2018 Poshmark suffered a breach exposing approximately 36 million user accounts. The exposed data included email addresses, full names, usernames, genders, geographic locations, and passwords stored as bcrypt hashes. Poshmark disclosed the incident in August 2019 after being contacted by security researchers. The company notified users, forced password resets, and advised users to change passwords on other accounts where the same credentials had been used. No class-action settlement or si
- Credential stuffing against reused passwords across other platforms
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
Poshmark, a social commerce marketplace where users buy and sell clothing and goods, suffered a data breach in mid-2018 that exposed approximately 36.4 million user accounts. An unauthorized third party accessed user data through a misconfiguration. The breach was not publicly disclosed until August 2019, more than a year after it occurred, when Poshmark announced the incident after being contacted by security researchers. The exposed data included email addresses, full names, usernames, genders, geographic locations, and passwords. The passwords were stored using bcrypt, a relatively strong hashing method, which reduces but does not eliminate the risk of them being cracked. Financial information and physical addresses were not affected. Because Poshmark combines social networking with retail activity, the exposed data can also reveal users' shopping habits and personal interests, adding context that makes phishing and impersonation attempts more convincing. Poshmark notified affected users, forced password resets, and advised users to update passwords on any other accounts where the same credentials were used. No prominent class-action settlement or regulatory action has been documented in connection with this breach. Affected individuals remain at risk of targeted phishing, account takeover, and seller impersonation, particularly if they reused their Poshmark password elsewhere.
About Poshmark
Poshmark is a social commerce marketplace where individuals buy and sell new and secondhand clothing, accessories, and home goods. Founded in 2011 and headquartered in Redwood City, California, the platform went public on Nasdaq in 2021 before being acquired by South Korean internet company Naver in 2023 for approximately $1.2 billion. The platform combines social networking features — following, sharing, and liking — with peer-to-peer retail commerce.
Why They Hold Your Data
Social-commerce marketplaces collect buyer and seller identity, contact details, addresses, payment-adjacent data, transaction histories, and social-engagement records across resale workflows.
Recent Developments
Following Naver's 2023 acquisition, Poshmark has operated as part of the same portfolio as Wattpad and the Naver-affiliated webtoon ecosystem. The company has continued developing its marketplace features and expanding in international markets. No major standalone organizational developments beyond the acquisition context have been prominently reported.
Data Points Exposed
Exposure Categories
Canonical Fields
email_address, full_name, gender, geographic_locations, password, username
Dark Web Verification
- Dataset containing ~36.4M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: Poshmark Data Breach;poshmark-2018
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Poshmark
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam