Breach Notification , Incident & Breach Response , Security Operations

LiveAuctioneers Confirms Breach After Records Posted for Sale

CloudSEK: 3.4 Million Customers' Records Being Marketed on Darknet
LiveAuctioneers Confirms Breach After Records Posted for Sale
LiveAuctioneers' website

Auction website LiveAuctioneers has acknowledged that it sustained a data breach in June. The announcement came after threat intelligence firm CloudSEK reported on Friday that it discovered about 3.4 million LiveAuctioneers customers' records had been posted for sale on a darknet forum.

See Also: Indicators of Compromise and Why It Takes Six-Plus Months to ID a Breach

The data posted for sale includes customers' names, phone numbers, physical addresses, IP addresses, email addresses, usernames and encrypted passwords, according to CloudSEK.

Those offering the data for sale claim to have cracked the MD5 hashes used to encrypt the passwords and posted about 24 combinations of usernames and passwords as an example to support their claims, CloudSEK says. MD5 hashes can be generated quickly, increasing the likelihood that a given hash can be linked to its original plain text. This is why many organizations have moved away from using MD5 hashes.

Using public records, the CloudSEK researchers were able to confirm the accuracy of some of the data posted on the underground site, including mobile phone numbers and physical addresses. Most of the data is for U.S. and U.K. residents, the researchers say.

On Monday, BleepingComputer reported that the LiveAuctioneers database was being offered for sale for $2,500.

Breach Notification

After the CloudSEK report was published, LiveAuctioneers, which offers an online bidding platform for art, antiques and collectibles, sent a notification to customers.

The notification states that the company's security team determined that hackers accessed the customer data on June 19 following a security breach at a data processing firm used by the company.

The exposed data did not include customer payment card details or histories of bids on various items, LiveAuctioneers states. The company says it's disabling passwords for all customer accounts and requiring members to conduct a password reset using a "forgot password" link.

A spokesperson for LiveAuctioneers could not be immediately reached for comment.

Similar Incidents

In recent months, several other organizations have found their customer data posted for sale on darknet forums.

For example, in May, researchers with security firm ZeroFox found approximately 26 million user records offered for sale on underground forums that apparently were obtained from data breaches at meal-kit delivery service Home-Chef, photo-printing firm ChatBooks and educational news site The Chronicle of Higher Education (see: Hackers Try to Sell 26 Million Breached Records: Report).


About the Author

Prajeet Nair

Prajeet Nair

Principal Correspondent

Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.