So StockX got hacked

[nawghtyhare]

In 2017 I asked Stock X to close my account and delete my data. Even though the account was closed, they retained all of my data, which was subsequently part of the hack. So I emailed them again a month ago asking for them to explain why they didn't originally delete my data. I also made a request under the GDPR to disclose exactly what data they still hold on me, and to also delete it. This is the response I got:


Dear xxxxx,

Data Subject Erasure Request

I write further to your Personal Data Erasure Request, as set out in your email dated 8/3/2019. We have undergone a review of the personal data that we hold about you and have deleted your personal data to which the right of erasure applies.

We can confirm that we have erased the following personal data about you.

• Your personal preferences and settings, including:
  • Payment methods
  • Subscription to mailing lists
  • Encrypted password
  • User devices
  • IP addresses

We have not been able to erase the following information because we need to retain certain information for our legitimate legal, audit, and tax purposes.

• Your name and contact details including:
  • First and Last Name
  • Email
  • Phone number
  • Billing addresses
  • Shipping addresses
• Your transaction history

We have complied with your request to the extent possible, but note that some of your data is held in back-ups. This information is inaccessible due to how our back-ups are stored. In the event that we need to use a back-up containing your personal data to restore the other information, your personal data has been flagged for deletion, and will be erased prior to the back-up data being accessed, or will be deleted manually upon the back-up being restored.

The categories of recipients to whom we disclose personal data are:

• Payment processing providers who provide secure payment processing services, such as PayPal Inc. (including Braintree) and Riskified Ltd.
• Analytics, search engine providers and digital marketing providers that assist StockX in the improvement and optimization of its site and to grow and develop its business, such as Criteo, Facebook, Google, Ask Nicely Limited, AppsFlyer Inc., Snap Inc. and LiveRamp Holdings Inc.
• Service providers of StockX who assist StockX in administering your account and to process and deliver your orders, such as Salesforce, Dropbox, Intercom, Inc., UPS, DHL, and Leanplum, Inc.

In respect of the companies listed above, this includes processing in countries outside the EEA, including in the USA, and these transfers of personal data are subject to appropriate safeguards such as the use of European Commission-approved model clauses, or privacy shield certification.

Personal data is held for as long as you have an account with us in order to meet our contractual obligations to you and for six years after that to identify any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.

Your rights under data protection law include the rights to request your personal data are, where relevant, corrected or erased or restricted or under certain circumstances to object to the processing of personal data. You also have the right to make a complaint to a data protection regulator.

Yours sincerely,
Maureen Lesko
Senior Counsel, StockX

yup class action coming SOON

 

[bigtoe]

Also got this email regarding my request for a copy of what information they are holding about me.

Dear xxxxx,

In order to process your request, please provide us a copy of your identification so we can confirm that you are the account holder. A copy of a government issued identification would suffice. Once we receive confirmation of your identity we will send you a password protected link to StockX’s enterprise Dropbox account to access the requested information held as personal data about you by us to which you are entitled. For some reason you prefer not to access the requested information through Dropbox, please let us know and we will mail you a password protected thumb drive.

Yours sincerely,
Maureen Lesko
Senior Counsel, StockX


Considering they couldn't keep my data secure in the first place, how can I trust them with a copy of my ID?

 

[nawghtyhare]

Also got this email regarding my request for a copy of what information they are holding about me.

Dear xxxxx,

In order to process your request, please provide us a copy of your identification so we can confirm that you are the account holder. A copy of a government issued identification would suffice. Once we receive confirmation of your identity we will send you a password protected link to StockX’s enterprise Dropbox account to access the requested information held as personal data about you by us to which you are entitled. For some reason you prefer not to access the requested information through Dropbox, please let us know and we will mail you a password protected thumb drive.

Yours sincerely,
Maureen Lesko
Senior Counsel, StockX


Considering they couldn't keep my data secure in the first place, how can I trust them with a copy of my ID?

reply with that exact question
curious on their response

 

[All_$tar1997]

I emailed these lames a week ago to close my account and I still have not gotten a reply.

 

[itshlittt]

goat >

 

[alchemist iq]

goat >

Facts...
Just got a offer accepted thru them.

 

[itshlittt]

Facts...
Just got offer accepted thru them.

you can even just drop the kicks off if you're near flight club.

 

[alchemist iq]

you can even just drop the kicks off if you're near flight club.

That's what's up. Pretty sure it will open to Footlocker cause Footlocker brought them or some sorta partnership they have together

 

[Bert.]

goat >

 

[JBII]

tell me more about this goat

 

[jaymosenvied]

I have no problems with GOAT. StockX when it comes to buying is trash. Had two sellers not send there shoes out and they don’t give no updates.

 

[alchemist iq]

I have no problems with GOAT. StockX when it comes to buying is trash. Had two sellers not send there shoes out and they don’t give no updates.

I asked goat for updates such as seller pics and got one 5 minutes later.

GOAT>

 

[kidoopz]

Just Got my account breached through stockx... Someone logged in and changed the payout address.. I'm annoyed! I realized this was an issue when my microsoft account was logged into last week and I couldn't log into my Xbox Live.. I never even log into microsoft bro! This is a major problem

 

[getback]

Someone tried to log into my Google account from Maryland and Honduras.

 

[All_$tar1997]

To The people that were able to close their stockx accounts. How long did it take? Because I emailed them about 2 weeks ago and still no answer to close my account.

 

[superblytrife]

Everyone saying GOAT > won’t be singing that same tune if they get hacked.

StockX and GOAT are essentially the same thing. GOAT’s data security can be penetrated, too. Lets hope it doesn’t happen though.

 

[nawghtyhare]

To The people that were able to close their stockx accounts. How long did it take? Because I emailed them about 2 weeks ago and still no answer to close my account.

the next day
by late afternoon

 

[Beruseruku Desu]

Said this before but I’ll say it again... literally anything can get hacked. Shoot even the federal gov gets hacked lol.

But the way StockX handled it was poor.

 

[hipstermike]

2FA all services and emails fam

 

[debso]

yo...some person is using my Netflix. I can't easily remove them as the site is blocked at work and I don't have the app.
smh.

I don't understand why I can't just remove the profile using the browser on my phone.

 

[donpoppa]

yo...some person is using my Netflix. I can't easily remove them as the site is blocked at work and I don't have the app.
smh.

I don't understand why I can't just remove the profile using the browser on my phone.

Try doing desktop view from your phone. Remember to have it sign out of all locations.

 

[alchemist iq]

yo...some person is using my Netflix. I can't easily remove them as the site is blocked at work and I don't have the app.
smh.

I don't understand why I can't just remove the profile using the browser on my phone.

Thanks bro, about to be done with sticks and stones. Highly recommend you watch it.

 

[youngbillrussel]

Same thing happen to me w netflix. Find out the customer service number and explain it took me like 5 mins

 

[debso]

stockx is good for selling stuff...
the fact that you have to use a cc to purchase is wack.
if goat had streetwear...but it doesn't. but yeah, i'm done with stockx. guess I have to take my chances with grailed.

 

[nawghtyhare]

yo...some person is using my Netflix. I can't easily remove them as the site is blocked at work and I don't have the app.
smh.

I don't understand why I can't just remove the profile using the browser on my phone.

This whole thing is wild
Are they still doing business