Poshmark, an online marketplace where North American users can buy and sell new or used clothes, shoes, and accessories, disclosed a data breach yesterday, on August 1.
The company said that an unauthorized party gained access to its servers from where it stole information such as usernames, hashed passwords, first and last names, gender information, and city of residence.
The hacker also stole clothing size preferences, user emails, and social media profile information collected when users connected social media accounts to Poshmark, the company said.
Poshmark said the passwords were scrambled using a one-way hashing algorithm, and then salted (randomly scrambled) on a per-user basis — “making it nearly impossible to use these passwords to access an account,” it said.
In addition, the hacker also got their hands on some less important information, such as some internal Poshmark account preferences, used by the company to send email and browser and mobile push notifications.