Researchers claim that millions of LiveAuctioneers online antique marketplace user data breached
LiveAuctioneers brings an international audience of millions to the heart of the bidding action in art, antiques, Jewelry, and Collectibles auctions across the globe. By hosting thousands of auctions in real-time via the Internet, the site allows unprecedented access to remote sales, and savvy bidders can often land desired items at very desirable prices.
CloudSEK had discovered the data leak that contains sensitive information of 3.4 million users of liveauctioneers.com. The company has now revealed that it suffered a data breach in which millions of users passwords and data was leaked. In an alert sent by the company, LiveAuctioneers said that “encrypted passwords” had been stolen along with names, email addresses, mailing addresses, and phone numbers.
CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 3.4 million LiveAuctioneers users. The post was published on 10 July 2020 at 07:25 PM, a day before the statement from LiveAuctioneers. The poster is selling 3.4 million users’ data and 3 million cracked username password combinations. The seller has shared 15 user records and 24 email-password combinations to support their claims.
However, the New York-based company later confirmed that an unauthorized third party accessed certain user data through a security breach at a LiveAuctioneers data processing partner that occurred on June 19.
According to CloudSEK’s report, it was found that the details of the users that were breached included the Email address, Username, Encrypted passwords, First name, Last name, Physical address, IP address (in some cases).
It was also discovered that the seller also claims to have cracked the MD5 encrypted passwords and has shared a sample that contains 24 users’ Username and Cracked passwords. The company on this responded by blocking unauthorized access and that they have disabled all bidder accounts’ most recent passwords.
LiveAuctioneers said that every data type was not necessarily present on the account of every user at the time of the breach. The company emailed personalized security instructions to all the users that were probably affected by the data breach, The instructions advised users to change their account passwords and identical or similar passwords used for other online accounts and to be on guard for phishing emails.
For more news on tech and cybersecurity stay tuned on Android Rookies by subscribing to our newsletter from here.