Many StockX customers received an email from the company yesterday asking them to reset their password. Some who got the email for the StockX password reset were concerned, thinking it was a phishing attack or that their account was hacked. The sneaker and streetwear resale site later confirmed that the email is authentic.
What made users suspicious about the StockX password reset email was that it didn’t provide much information. The email includes the subject, “Please reset your StockX password,” and a line saying, “We recently completed system updates on the StockX platform. To access your account, reset your password by clicking below.”
That was no other information or even a prior warning from the company regarding the password reset. Thus, after getting such an email, many users were concerned that their account was hacked or that StockX’s website had been breached. When users tried to log in to their accounts, they were met with a message saying, “Password Reset Required,” before login.
“Skeevy email of the day award goes to @stockx for this suspicious ‘reset your password for…. reasons’ email,” one user tweeted.
“Did they get hacked, find out somehow, and then to cover it up send out that email and ask for a password change?” another user asked, according to TechCrunch.
After users starting raising concerns, StockX assured them that the email they received is authentic:
The password reset email you received is legitimate, was sent to all users and came from our team. Please reach out to firstname.lastname@example.org if you have any additional questions.
— StockX (@stockx) August 1, 2019
StockX’s email serves as a good example of how a company should not send a password reset email. Due to the growing number of data breaches and phishing instances, users are extremely concerned about their online security. What’s good in all this is that many customers who received the StockX password reset email did not followed it blindly. Instead, they forced the company to share additional information.
If StockX had provided more information in the email and a link to a site answering user queries, it wouldn’t have been flooded with concerns from customers.
It is not exactly clear what pushed StockX to send those emails. In the email, the retailer asked customers to reset their passwords due to “system updates” to its platform. However, later in the tweet, the company said it is updating its security “out of an abundance of caution” while it continues to investigate the matter.
StockX gave no further details, even when asked by TechCrunch. It declined to comment on who alerted StockX to the suspicious activity, if any user data was compromised, and the real reason it asked for a password reset.
However, security experts doubt a “systems update” to be a reason for a password reset. Security researcher John Wethington told TechCrunch that security updates requiring passwords reset are rare.
“You wouldn’t just send out a random email about it,” he said.
Detroit-based StockX was valued at over $1 billion after it raised $110 million last month. StockX also got a new CEO last month in e-commerce veteran Scott Cutler. He replaced co-founder Josh Luber, who continues to be the company’s public face.
Cutler, who previously worked at eBay, StubHub and the New York Stock Exchange, became an adviser to StockX in 2016. At the time, he read about the company’s plans to create a platform modeled after marketplaces like eBay and StubHub.
“I immediately reached out and said, ‘Interestingly enough, I am the one person on the Earth that knows all of those companies intimately well,’” Cutler said, according to The New York Times.
StockX initially focused only on becoming a resale source for shoes. After early success, the company expanded into more categories, such as watches, handbags and more recently, streetwear. According to investment bank Cowen, the resale market for sneakers and streetwear in North America is estimated to be worth $2 billion now and $6 billion by 2025.
On StockX, buyers bid for items or buy them at the lowest asking price from sellers. After a buyer and seller reach an agreement, the seller ships the item to StockX’s authentication centers, where the authenticity of the item is tested before shipping it to the buyer. StockX charges a transaction fee for its services.
The company’s revenue more than doubled last year with gross product sales of over $100 million a month, The New York Times said last month. The company has over 800 employees. There are no user profiles or ratings on StockX; rather; it includes detailed sales and pricing history for each item.