Live Auction Marketplace Confirms Data Breach - old news but not well known.

dognose

Not a recent occurrence, but a change in password on a regular basis is always a good measure.

LiveAuctioneers, an online auction platform headquartered in the United States, has confirmed a security incident after a database containing 3.4 million user records was put up for sale on the dark web for $2,500.
“As of July 11th, 2020, our cybersecurity team has confirmed that an unauthorized third party accessed certain user data through a security breach at a LiveAuctioneers data processing partner that occurred on June 19,” the company said. “LiveAuctioneers was one of a number of their partners who have experienced a breach from an unauthorized party since this data processing partner’s security was compromised. Our cybersecurity team has ensured the unauthorized access has ceased.”

According to a data breach notification posted by the live auction marketplace, the affected information includes names, email and mailing addresses, phone numbers and encrypted passwords. However, the data broker selling LiveAuctioneers’ user data claimed that the database includes decrypted passwords and social media profiles.
The data breach memo also states that there is no evidence to suggest access to complete credit card data, and that no auction history was affected.

“Not all of this information may have been present on your account,” LiveAuctioneers said. “Additionally, our cybersecurity team has confirmed that complete credit card numbers were not accessed, and we have no reason to believe auction history was affected.”

On the same day, LiveAuctioneers disabled passwords on all bidder accounts, and advised users to follow the necessary steps to change their passwords. The company also emphasized that, although no auctioneer accounts were affected by the breach, a separate email containing personalized instructions for enhancing account security was sent on July 11.

LiveAuctioneers members can also follow additional security measures including:
> Changing the password to all of their online accounts that shared login credentials used for their LiveAuctioneers account.
> Review accounts for any suspicious activity
> Be wary of unsolicited email that could be seeking additional personal information, and never click on links or download attachments from unfamiliar or suspicious sources.
 

It should be criminal to store people's data then allow it to be stolen. Massive fines would go a long way to holding these companies accountable.
 

Agree.
We try to be responsible and protect our PII. It's been these third-party institutions that are lax in protecting the public when they utilize their services.

A person can be as careful as possible in protecting one's PII but if your doctor, hotel or store has poor controls, it's out the window. Then these organizations downplay, minimize or obfuscate any news of this so the general public remains in the dark and they have no repercussions.

I have used LiveAuctions in the past many times. I never heard of the LiveAuction hack until recently. A prime example of minimalization.

Then just today, Ticketmaster reported a data breach.

At most, when the target of a data breach, we're told that our PII data "could" have been included in the data stolen. The organization offers a year of credit monitoring and the like.

That is about the least they could do since it could be years before the stolen PII data is used. A poor practice that is just window dressing so they can say they have addressed that part of the issue.
 

I agree with the general sentiment, but laying it all at the feet of the doctor, hotel, or store isn't right either. It's not like they are out there passing out the data (well, some might be, but that's a different issue). Data breaches happen when a criminal accesses data that he was not supposed to. When a burglar breaks in and takes things, do you blame the homeowner for not having better locks? Some of these companies spend enormous sums of time and money trying to "build better locks", so that data can't get out. But it still does, because the criminals still find a way. Look at how much money the entertainment industry spends on copy protecting music and videos, yet there are still bootleg copies of just about everything online somewhere. No matter how tightly you lock up your information, if it's worth anything, someone somewhere is trying to figure out how to get into it.
 

In the vast majority of cases they store the data without any real consent, without a viable option to opt out, and because it’s helpful/profitable to do so.

If they collect, store and then don’t adequately protect the data it’s completely different than the picture you painted.

If a data broker buys your online profile and then it is “stolen”, what then? These companies don’t have to store this data. They choose to.
 
