LiveAuctioneers Confirms Breach After Records Posted for Sale
CloudSEK: 3.4 Million Customers' Records Being Marketed on Darknet
Auction website LiveAuctioneers has acknowledged that it sustained a data breach in June. The announcement came after threat intelligence firm CloudSEK reported on Friday that it discovered about 3.4 million LiveAuctioneers customers’ records had been posted for sale on a darknet forum.
The data posted for sale includes customers' names, phone numbers, physical addresses, IP addresses, email addresses, usernames and encrypted passwords, according to CloudSEK.
Those offering the data for sale claim to have cracked the MD5 hashes used to encrypt the passwords and posted about 24 combinations of usernames and passwords as an example to support their claims, CloudSEK says. MD5 hashes can be generated quickly, increasing the likelihood that a given hash can be linked to its original plain text. This is why many organizations have moved away from using MD5 hashes.
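As an added illustration (not code from LiveAuctioneers or CloudSEK), the sketch below contrasts a fast MD5 digest with a salted, deliberately slow password hash and flags legacy MD5 records for a forced reset. The record format, usernames, password and PBKDF2 iteration count are assumptions, and because the article does not say whether the MD5 hashes were salted, the legacy function here is unsalted.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def legacy_md5(password: str) -> str:
    """Fast digest with no salt (assumed): same password, same stored value."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Salted, deliberately slow hash in a self-describing record format."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Constant-time check; legacy or malformed records never verify."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:
        return False
    return hmac.compare_digest(dk, expected)


def is_legacy_md5(stored: str) -> bool:
    """A bare 32-character hex string is treated as a legacy MD5 record."""
    return len(stored) == 32 and all(c in "0123456789abcdef" for c in stored.lower())


def accounts_needing_reset(records: dict) -> list:
    """Usernames whose stored value is still legacy MD5 and must be reset."""
    return sorted(user for user, value in records.items() if is_legacy_md5(value))


# Constructed sample records (hypothetical users, made-up password).
RECORDS = {
    "alice": legacy_md5("Gavel-1234"),
    "bob": legacy_md5("Gavel-1234"),
    "carol": hash_password("Gavel-1234"),
}
```

Two accounts sharing a password produce the same MD5 value, while each PBKDF2 record differs because of its per-user salt, and legacy records never pass verification until the user resets.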
Using public records, the CloudSEK researchers were able to confirm the accuracy of some of the data posted on the underground site, including mobile phone numbers and physical addresses. Most of the data is for U.S. and U.K. residents, the researchers say.
On Monday, BleepingComputer reported that the LiveAuctioneers database was being offered for sale for $2,500.
Breach Notification
After the CloudSEK report was published, LiveAuctioneers, which offers an online bidding platform for art, antiques and collectibles, sent a notification to customers.
The notification states that the company’s security team determined that hackers accessed the customer data on June 19 following a security breach at a data processing firm used by the company.
The exposed data did not include customer payment card details or histories of bids on various items, LiveAuctioneers states. The company says it’s disabling passwords for all customer accounts and requiring members to conduct a password reset using a "forgot password" link.
A spokesperson for LiveAuctioneers could not be immediately reached for comment.
Similar Incidents
In recent months, several other organizations have found their customer data posted for sale on darknet forums.
For example, in May, researchers with security firm ZeroFox found approximately 26 million user records offered for sale on underground forums that apparently were obtained from data breaches at meal-kit delivery service Home-Chef, photo-printing firm ChatBooks and educational news site The Chronicle of Higher Education (see: Hackers Try to Sell 26 Million Breached Records: Report).