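Sneaker resale platform StockX to face class-action lawsuit over personal data leak
The leaked data includes usernames, e-mail addresses, passwords, preferred shoe sizes and more.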

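UPDATE: Three weeks after the incident came to light, the well-known sneaker resale platform StockX is set to face a related class-action lawsuit.
The suit concerns the irreparable harm caused by StockX's failure in this incident. The lead plaintiff is located in Kansas, USA, and is identified as "I.C."; his legal team argues that the case should proceed as a class action in order to protect everyone, young and old, whose personal data was stolen. The filing states: "The plaintiff and the other victims were harmed in this case; they will spend more time talking with representatives, researching and monitoring accounts and credit records, and responding to identity theft incidents. Because of the personal data leak, they need to purchase identity protection and suffer disruption and inconvenience."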
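Original story: Having only just announced a valuation of more than US$1 billion, the well-known online sneaker resale platform StockX has, sure enough, become a prime target for hackers. StockX earlier confirmed that the company was breached in May of this year, with more than 6.8 million member records stolen and sold on the dark web for US$300.
According to TechCrunch's reporting, the damage from the StockX breach was far greater than expected. The 6.8 million leaked member records include: names, e-mail accounts, incomplete password combinations, users' preferred sneaker sizes and the device type they use (Android or iPhone). TechCrunch posed as a buyer and asked the hacker for more detail, and the hacker gave TechCrunch the records of 1,000 StockX members free of charge. TechCrunch then passed the list to StockX for verification, and it was confirmed to be StockX member data. It has also been confirmed that this data has already been sold.
In response, StockX sent out an e-mail stating that the company is investigating and that there have so far been no cases of members' data being misused. It also reminded users that if they receive an e-mail from StockX asking them to change their password, they should do so as soon as possible, to prevent misuse by malicious parties and harm to members' interests.
The text of the e-mail follows: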
Dear Customer,
StockX cares deeply about the privacy of our customers. In recent days, our company has discovered a data security issue, and we want to provide you with an update on this situation.
We were alerted to suspicious activity potentially involving customer data. Upon learning of the suspicious activity, we immediately launched a comprehensive forensic investigation and engaged third-party data incident and forensic experts to assist. Though our investigation remains ongoing, forensic evidence to date suggests that an unknown third-party was able to gain access to certain customer data, including customer name, email address, shipping address, username, hashed passwords, and purchase history. From our investigation to date, there is no evidence to suggest that customer financial or payment information has been impacted.
While conducting our forensic investigation into the suspicious activity, and out of an abundance of caution, we implemented immediate infrastructure changes to mitigate and address any potential effects of the suspicious activity. These infrastructure changes included:
-a system-wide security update;
-a full password reset of all customer passwords with an email to customers alerting them about resetting their passwords;
-high-frequency credential rotation on all servers and devices; and
-a lockdown of our cloud computing perimeter
We want you to know that we took these steps proactively and immediately, because we had just begun our investigation and did not yet know the nature, extent, or scope of suspicious activity to which we had been alerted. Though we had incomplete information, we felt a responsibility to act immediately to protect our customers while our investigation continued—and we took steps to do so.
As we investigate, StockX will continue to take additional measures, as needed, to protect the privacy of our customers. In the meantime, out of an abundance of caution, we recommend that if you use your StockX password for other accounts, you change those passwords as well.
Again, we take data security and privacy very seriously, and will continue to communicate with our customers and work hard to protect those who trust us with their shopping experience.