In response, Poshmark announced it conducted an internal investigation with support from a security forensics firm and “did not find any material vulnerabilities.” It has, however, “enhanced security measures across all systems to help prevent this type of incident from happening in the future.”
In a blog post, Poshmark advises users to change their passwords just in case. The accessed data does not include financial information or physical addresses, and affected users will be notified by email. The company added that hashed passwords are protected by encryption, which should make them difficult (but not impossible) to crack. This sort of data does, however, leave people open to the risk of phishing scams.
The company apologized for the breach, saying, “Poshmark is a platform built on love and transparency, and we’re committed to serving you, and our entire community, every step of the way. You are the core of our business, and without you, we wouldn’t be the community we are today. We sincerely regret any concern this may cause you, and we’re here to answer any questions you may have.”