Over the years, TechCrunch has extensively covered various data breaches. Our reporting on significant data breaches has been some of the most-read content on our platform. This includes uncovering security lapses in startups holding sensitive genetic information and disproving privacy claims by messaging apps.
The issue of data breaches extends beyond just personal information. Some breaches contain data of public interest or useful for researchers. For example, leaked internal chat logs of ransomware gangs and massive leaks from government databases have shed light on surveillance practices.
One of the biggest challenges in reporting on data breaches is verifying the authenticity of the data to prevent the spread of fake information. Verifying data breaches is crucial for companies and individuals to take action promptly and protect themselves.
Micah Lee, an author, detailed his experiences in authenticating large datasets in a recent book. His insights on verifying hacked datasets are valuable for journalists, researchers, and activists.
Each data breach requires a unique approach to confirm the validity of the data. This involves using different tools and techniques to analyze the data and trace its origin.
In line with Lee’s approach, we have successfully verified several data breaches in the past. These instances demonstrate our methodology in confirming breaches and holding companies accountable.
How TechCrunch Exposed StockX’s Data Breach
In August 2019, StockX, a sneaker marketplace, falsely informed users about a password reset due to system updates. TechCrunch revealed that StockX had experienced a data breach compromising millions of customer records. Subsequent investigations confirmed the breach with the help of a sample dataset provided by the hacker.
StockX’s password reset email to customers citing unspecified “system updates.” Image Credits: file photo.
