LiveAuctioneers Data Breach puts 3.4 Million Users at Risk

LiveAuctioneers has disclosed a data breach after a well-known data breach broker began selling 3.4 million stolen user records on a hacker forum. Founded in 2002, the art, antiques, jewelry, and collectibles online marketplace claims to be broadcasting thousands of live auctions each year, providing live bidding options for millions of items.

On July 10th, 2020, a data breach broker began selling a database that allegedly contains 3.4 million user records stolen from the LiveAuctioneers’ site. This data allegedly contains user’s email addresses, usernames, MD5 hashed passwords, names, phone numbers, addresses, IP addresses, and social media profiles.

In addition to the this data, the seller stated that 3 million of the accounts had their passwords decrypted, which were included in the sale. This type of data is a treasure trove for threat actors as it can be used in targeted phishing attacks and credential stuffing attacks at other sites

“Our cybersecurity team has confirmed that complete credit card numbers were not accessed, and we have no reason to believe auction history was affected,” LiveAuctioneers says.

The bidding portal has prompted a platform-wide password reset operation, and all users will have to set a new password when first accessing their accounts. Both bidder and auctioneer accounts are impacted by the move.

Reference:

https://help.liveauctioneers.com/article/496-july-11-2020-liveauctioneers-account-security