Tell HN: Poshmark instantly leaked my email to scammers

9•hardenedmetapod•2w ago

Browsing for an obscure piece of electronics, I ran across a Poshmark listing that had it for considerably cheaper than anywhere else.

I didn't have an account yet, so I signed up with Google SSO and was able to place the order.

About an hour later I got an email as if I was the seller telling me to click this link to verify my account for my funds to be deposited.

Obviously phishing. Upon closer inspection, I had two earlier that were properly filtered to spam that were about 30 minutes after the order.

So the question here is what part of their system is so fundamentally broken that scammers instantly get my email? Does the seller get that upon me making that purchase?

And if that's not the case, then that means somebody has completely compromised their system.

Comments

myself248•2w ago

Yikes. I wonder if there's a way to differentiate between the bad-seller and the poshmark-is-compromised case.

chrisjj•2w ago

Sure. Be a seller.

hardenedmetapod•2w ago

There's a third case that I never considered.

Google SSO is the promoted way of signing in and it auto assigns your email to the username without any special characters so scammers could just be scraping new accounts and making a best guess at the email.

Lame.

chrisjj•2w ago

I'd call that the first case and the second case. Lame indeed.

chrisjj•2w ago

> So the question here is what part of their system is so fundamentally broken that scammers instantly get my email?

Perhaps none. Did the T&Cs permit this disclosure?

hardenedmetapod•2w ago

Not that I can see offhand. It mentions using your email for correspondence and copyright disputes.

chrisjj•2w ago

I'd say odds on Poshmark leaking your address to the seller.

The fact you got spam so soon makes me wonder, did you get your goods?

altairprime•2w ago

Sounds exactly like a common website “significantly cheaper” scam, only on Poshmark slash Etsy slash Amazon, where the seller is provided your contact info in order to ship you things. Did they have a history of completed sales? Did you ask any questions and get a response (or not) before purchasing? Someone always ends up being the first rube at any online marketplaces from a scam seller who hasn’t been reported yet, at least when said marketplaces aren’t doing serious in-person identity verification first, and this time you’re the lucky one.

LLMs are powerful, but enterprises are deterministic by nature

Ask HN: Anyone Using a Mac Studio for Local AI/LLM?

Ask HN: Ideas for small ways to make the world a better place

Ask HN: Non AI-obsessed tech forums

Ask HN: 10 months since the Llama-4 release: what happened to Meta AI?

Ask HN: Who wants to be hired? (February 2026)

Ask HN: Non-profit, volunteers run org needs CRM. Is Odoo Community a good sol.?

Ask HN: Who is hiring? (February 2026)

AI Regex Scientist: A self-improving regex solver

Tell HN: Another round of Zendesk email spam

Ask HN: Is Connecting via SSH Risky?

Ask HN: Has your whole engineering team gone big into AI coding? How's it going?

Ask HN: Why LLM providers sell access instead of consulting services?

Ask HN: What is the most complicated Algorithm you came up with yourself?

Ask HN: How does ChatGPT decide which websites to recommend?

Ask HN: Is it just me or are most businesses insane?

Ask HN: Mem0 stores memories, but doesn't learn user patterns

Ask HN: Is there anyone here who still uses slide rules?

Ask HN: Any International Job Boards for International Workers?

Kernighan on Programming

Ask HN: Anyone Seeing YT ads related to chats on ChatGPT?

Ask HN: Does global decoupling from the USA signal comeback of the desktop app?

We built a serverless GPU inference platform with predictable latency

Ask HN: Does a good "read it later" app exist?

Ask HN: How Did You Validate?

Ask HN: Have you been fired because of AI?

Ask HN: Cheap laptop for Linux without GUI (for writing)

Ask HN: Anyone have a "sovereign" solution for phone calls?

Ask HN: OpenClaw users, what is your token spend?

Test management tools for automation heavy teams

Tell HN: Poshmark instantly leaked my email to scammers

Comments

LLMs are powerful, but enterprises are deterministic by nature

Ask HN: Anyone Using a Mac Studio for Local AI/LLM?

Ask HN: Ideas for small ways to make the world a better place

Ask HN: Non AI-obsessed tech forums

Ask HN: 10 months since the Llama-4 release: what happened to Meta AI?

Ask HN: Who wants to be hired? (February 2026)

Ask HN: Non-profit, volunteers run org needs CRM. Is Odoo Community a good sol.?

Ask HN: Who is hiring? (February 2026)

AI Regex Scientist: A self-improving regex solver

Tell HN: Another round of Zendesk email spam

Ask HN: Is Connecting via SSH Risky?

Ask HN: Has your whole engineering team gone big into AI coding? How's it going?

Ask HN: Why LLM providers sell access instead of consulting services?

Ask HN: What is the most complicated Algorithm you came up with yourself?

Ask HN: How does ChatGPT decide which websites to recommend?

Ask HN: Is it just me or are most businesses insane?

Ask HN: Mem0 stores memories, but doesn't learn user patterns

Ask HN: Is there anyone here who still uses slide rules?

Ask HN: Any International Job Boards for International Workers?

Kernighan on Programming

Ask HN: Anyone Seeing YT ads related to chats on ChatGPT?

Ask HN: Does global decoupling from the USA signal comeback of the desktop app?

We built a serverless GPU inference platform with predictable latency

Ask HN: Does a good "read it later" app exist?

Ask HN: How Did You Validate?

Ask HN: Have you been fired because of AI?

Ask HN: Cheap laptop for Linux without GUI (for writing)

Ask HN: Anyone have a "sovereign" solution for phone calls?

Ask HN: OpenClaw users, what is your token spend?

Test management tools for automation heavy teams