In a post to its company blog last week, popular fashion resale platform Poshmark announced that its servers had been accessed by an "unauthorized third party." The hackers stole private data from users in the U.S. that included personal email addresses, Poshmark account usernames, clothing size preferences, and social media account information. Poshmark, which is frequented by millions of users each month, said the data "does not include any financial or physical address information, and we do not believe your password was compromised." Nevertheless, the blog post suggested that users "change your password as a precaution and security best practice." Poshmark also said that since learning of this incident, "we’ve expanded our security measures even further. We’ve conducted an internal investigation, retained a leading security forensics firm, and have implemented enhanced security measures across all systems to help prevent this type of incident from happening in the future."
Total Retail's Take: Poshmark has acknowledged responsibility for the lapse in security and is fully investigating the incident. The online platform has also announced that it has beefed up its existing digital security for the time being, which will make it more difficult for events like this to occur in the future. But the question remains: Will these types of data breaches ever stop, or has this just become the new normal for retailers doing business online? And, if so, what can retailers do to protect themselves from future data breaches?
According to Lisa Baergen, vice president of marketing for NuData Security, a Mastercard company, merchants can mitigate the risk of fraudulent events by implementing technologies that are able to identify customers by more than static information like credentials, passcodes and security questions. "Attackers are rampaging through websites and servers for any and all information on consumers," Baergen told Total Retail. "Even if they don't get their passwords or credit card data, any information is useful for an attacker to put together a profile on the impacted people. The attacker can then use the profile to create new accounts online or offline under an assumed identity. They can launch phishing or social engineering attacks with an increased success rate that enable the attacker to take over accounts. Taking a layered approach to security with advanced authentication that leverages the online behavior of a consumer with technology such as passive biometrics is key in successfully mitigating risk."