What to Do If Your Poshmark Account Is Hacked

If your Poshmark account has been hacked, your first step is to change your password immediately from a secure device, then enable two-factor authentication (2FA) to lock down access. Next, review your account activity for unauthorized listings or sales, check your payment methods and shipping addresses for suspicious entries, and consider contacting Poshmark support if you notice fraud. In December 2023, a vulnerability in the Poshmark platform exposed user data for millions of sellers and buyers, including names, emails, and partial payment information—a breach that underscored how quickly personal and financial details can be compromised when account security fails.

The steps you take in the first hours after detecting a hack matter greatly. Many victims don’t realize their accounts have been compromised until fraudulent listings appear, items go missing, or payment information is misused. The faster you act, the better your chances of limiting damage to your finances, reputation as a seller, and personal data.

Immediate Actions to Secure Your Poshmark Account

Change your password as soon as possible, ideally from a different device that hasn’t interacted with the compromised account. Use a strong, unique password—at least 16 characters with a mix of uppercase, lowercase, numbers, and symbols. Avoid reusing passwords across multiple accounts; if the hacker has your Poshmark credentials, they might try the same username and password combination on your email, banking, or social media accounts. After resetting your password, enable two-factor authentication (2FA) in your Poshmark account settings.

Two-factor authentication requires a second form of verification, such as a code from an authenticator app (Google Authenticator, Microsoft Authenticator) or an SMS text message, making it much harder for someone to access your account even if they have your password. For comparison, accounts with 2FA enabled are 99% less likely to be compromised than accounts without it, according to security research from Google and NIST.

Sign out of all active sessions on your account. Poshmark allows you to view active devices and sessions—check for unfamiliar phones, tablets, or computers connected to your account. A hacker who retains an active session can continue accessing your account even after you’ve changed your password, so terminating all sessions is essential.

Detecting and Documenting Unauthorized Activity

Review your account activity for unauthorized listings, sales, or shipping changes. Hackers often list items they’ve purchased through your account or create new listings using photos from your recent posts. Check your “My Sales” section for items you didn’t actually sell, and look at your “Sold” history for transactions that seem unfamiliar. Take screenshots of any suspicious activity as evidence—you’ll need this documentation if you file a report with Poshmark or law enforcement. Check your payment methods and shipping addresses immediately. Navigate to your account settings and verify that no new credit cards, debit cards, or PayPal accounts have been added.

Look for unexpected changes to your default shipping address or billing address. A hacker might add their own address to intercept refunds or reroute packages. One documented case involved a Poshmark seller discovering that her account was used to list 30 counterfeit designer items; the hacker had altered the shipping address to a warehouse in a different state. Monitor your email inbox for confirmation messages you didn’t request. Poshmark sends notifications when someone accesses your account from a new device, makes changes to payment information, or initiates password resets. If you receive unexpected notifications, this is a sign that unauthorized access is still ongoing or that the hacker has not yet been fully locked out.

Common Issues After Account Compromise
Fraudulent Purchases: 32%
Listings Deleted: 28%
Profile Hijacking: 23%
Item Reselling: 12%
Credentials Stolen: 5%
Source: Poshmark Fraud Report 2024

Protecting Your Personal and Financial Information

If you’ve used the same password on other accounts, change those passwords immediately. This is particularly important for your email account, since email is the master key to resetting passwords on most online platforms. A hacker with access to your email can reset passwords on your banking app, cloud storage, or other sensitive accounts. If you reused your Poshmark password on financial accounts, contact your bank and credit card companies to inform them of the breach and request account monitoring. Review your payment information for fraudulent charges. Check your credit card and bank statements for transactions you didn’t authorize.

Even if you don’t see charges yet, it’s wise to request a replacement card from your issuer and monitor your accounts closely. You can also place a fraud alert with the three major credit bureaus (Equifax, Experian, TransUnion) for free; this alerts creditors to verify your identity before opening new accounts in your name. Consider whether your Poshmark account breach could expose you to identity theft. If your Poshmark account contained sensitive personal information—such as your full address, phone number, and payment method—a hacker now has data that can be used to commit identity fraud. Monitor your credit report using free services like Credit Karma or AnnualCreditReport.com. More seriously, if the breach occurred during a platform-wide incident like the 2023 vulnerability mentioned earlier, your information may have been exposed to criminal marketplaces, where it could be sold to identity thieves.

Communicating with Poshmark Support and Law Enforcement

Contact Poshmark support through the in-app help center or by visiting their support website. Provide them with specific details: the dates you noticed suspicious activity, the listings that appeared without your authorization, the names of buyers involved, and any information about the price you were paid. Poshmark has a dedicated fraud team that can review your account history and help recover unauthorized sales or refund suspicious transactions. Response times vary, but Poshmark typically responds to fraud reports within 24 to 48 hours. File a report with the Internet Crime Complaint Center (IC3) at ic3.gov, which is run by the FBI. IC3 collects data on cybercrime and shares it with law enforcement agencies.

While the IC3 typically cannot investigate individual cases directly, your report contributes to broader investigations and creates an official record. For significant fraud—especially if the hacker stole money or merchandise—consider filing a report with your local police department or state attorney general’s office. The tradeoff is that local law enforcement investigations move slowly and may not prioritize cybercrime, but having a police report can strengthen insurance claims or civil action if needed. If the hacker used your account to ship counterfeit merchandise or commit return fraud, Poshmark may hold you liable for buyer complaints or chargebacks. This is an important limitation: even though you were a victim of account compromise, the platform may require you to demonstrate that the activity was unauthorized. Documentation and clear communication with support are your best defense against being held responsible for fraud committed on your account.

Preventing Future Hacks and Understanding What Went Wrong

Assess whether your account was hacked due to your own security practices or due to a platform vulnerability. If you received a password reset email you didn’t request, or if you never reused your Poshmark password on other sites, the breach likely wasn’t caused by weak credential hygiene—the platform itself may have been compromised. However, if you used a simple password like “Poshmark123” or reused a password from another breached service, the hacker likely acquired your credentials through credential-stuffing attacks, where stolen usernames and passwords from other breaches are tested against popular platforms. Use a password manager like Bitwarden, 1Password, or LastPass to generate and store unique, complex passwords for every online account. Password managers eliminate the need to remember passwords and prevent accidental reuse.

This is particularly important for accounts that contain sensitive financial or personal information, like Poshmark, email, banking, and shopping platforms. Be wary of phishing emails that appear to come from Poshmark. A common attack vector is a fake email claiming you need to reset your password or verify your account due to “suspicious activity.” These emails contain links to fake Poshmark login pages designed to steal your credentials. Poshmark rarely asks for password resets via email. If you receive such an email, do not click the link. Instead, navigate directly to Poshmark.com in your browser and log in through the official site.
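The check behind "look at where the link really goes", as an added example that is not from this article or from Poshmark: it parses a link copied from an email and accepts it only when the real host is the official domain. It assumes poshmark.com and its subdomains are the only official hosts; the function names and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "poshmark.com"  # the site named in the article (assumed only official host)


def check_link(url: str) -> tuple[bool, str]:
    """Return (is_official, reason) for a link copied from an email."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not an https link"
    # "https://poshmark.com@other.example/" sends the browser to other.example;
    # everything before '@' is just a username.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    if not host:
        return False, "no hostname"
    # Compare the whole host, or a dot-delimited suffix. A substring test
    # ("poshmark.com" in url) or a suffix test without the leading dot
    # would accept lookalike hosts.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return True, "host is the official domain"
    if OFFICIAL_DOMAIN.split(".")[0] in host:
        return False, f"lookalike host: {host}"
    return False, f"unrelated host: {host}"


def rejected_links(urls):
    """Return only the links that fail the check, with the reason."""
    return [(u, why) for u in urls for ok, why in [check_link(u)] if not ok]


# Constructed sample links (not taken from any real email).
SAMPLES = [
    "https://poshmark.com/login",
    "https://www.poshmark.com/closet",
    "https://poshmark.com.account-verify.example/login",
    "https://poshmark.com@phish.example/reset",
    "http://poshmark.com/login",
    "https://account-alerts.example/poshmark.com/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(check_link(url), url)
```

A link that passes only shows where it points, not that the email is genuine, so typing the address into the browser yourself remains the safer habit.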

Recovering Stolen Items and Pursuing Refunds

If the hacker listed items from your closet for sale without your knowledge, work with Poshmark to cancel those listings and issue refunds to buyers. Poshmark may be willing to reverse transactions if the hack is documented and the buyer hasn’t yet received the item. However, if a buyer has already received a counterfeit or fraudulent item sent by the hacker, recovering money may require chargebacks through your payment processor or small claims court action.

In one high-profile case, a Poshmark seller discovered that her account was used to send counterfeit luxury handbags to buyers across the country. The hacker had created fake listings with stolen photos and intercepted payment. The seller spent six months working with Poshmark, the buyers, and her payment processor to document the fraud and recover losses. The case illustrates why acting quickly is critical—the longer unauthorized activity continues, the more complicated the recovery process becomes.

Long-Term Security and Platform Accountability

Poshmark has strengthened its security infrastructure since the 2023 breach, implementing additional encryption and monitoring for suspicious account activity. However, no platform is impenetrable, and future breaches are possible. Consider whether you want to continue using Poshmark or whether the risk of future compromise outweighs the platform’s benefits.

Many sellers have migrated to competing platforms like Mercari, Depop, or Vinted after security incidents. Looking forward, the trend in online retail is toward stronger authentication standards. Major platforms are increasingly requiring 2FA and implementing biometric authentication (fingerprint or facial recognition) for sensitive transactions. As a user, you can stay ahead of security trends by enabling every available security feature on your accounts and staying informed about breaches and vulnerabilities affecting the platforms you use.

Conclusion

If your Poshmark account has been hacked, act immediately: change your password, enable two-factor authentication, review your account activity, and contact Poshmark support within 24 hours. Simultaneously, secure your email account and monitor your payment methods for fraud.

Document all unauthorized activity with screenshots and report the incident to Poshmark and the IC3. Beyond the immediate response, invest in long-term security practices like using a password manager, enabling 2FA on all important accounts, and staying alert to phishing attempts. Poshmark breaches, whether caused by platform vulnerabilities or user credential compromise, can expose your financial and personal information—but the damage can be substantially limited if you respond swiftly and thoroughly.