Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

3.4 Million user records from LiveAuctioneers hack available for sale

Auctions platform LiveAuctioneers admitted to have suffered a data breach that likely impacted approximately 3.4 million users. Auctions platform LiveAuctioneers disclosed a a data breach that might have impacted approximately 3.4 million users. LiveAuctioneers is one of the world’s largest art, antiques & collectibles online marketplace that was founded in 2002. The company confirmed the […]

LiveAuctioneers

Auctions platform LiveAuctioneers admitted to have suffered a data breach that likely impacted approximately 3.4 million users.

Auctions platform LiveAuctioneers disclosed a a data breach that might have impacted approximately 3.4 million users.

LiveAuctioneers is one of the world’s largest art, antiques & collectibles online marketplace that was founded in 2002.

The company confirmed the security breach over the weekend, it revealed that unknown threat actors accessed a partner’s systems in June stealing user information.

“As of July 11th, 2020, our cybersecurity team has confirmed that an unauthorized third party accessed certain user data through a security breach at a LiveAuctioneers data processing partner that occurred on June 19, 2020.” reads the data breach notification published by the company.

“LiveAuctioneers was one of a number of their partners who have experienced a breach from an unauthorized party since this data processing partner’s security was compromised. Our cybersecurity team has ensured the unauthorized access has ceased.”

According to the company, attackers accessed personal details of the users, including names, email addresses, mailing addresses, phone numbers, and also encrypted passwords. Financial data, including credit card numbers, were not accessed by the hackers. The company confirmed that the an investigation into the hack is still ongoing.

In response to the incident, the bidding portal has forced a password reset for all users’ accounts, both bidder and auctioneer ones.

Unfortunately stolen data are already available for sale on the dark web, security researchers at CloudSEK reported.

The experts found a post advertising information of roughly 3.4 million LiveAuctioneers users.

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 3.4 million LiveAuctioneers users.” reads the post published by CloudSEK.

“The post was published on 10 July 2020 at 07:25 PM, a day before the statement from LiveAuctioneers. The poster is selling 3.4 million users’ data and 3 million cracked username password combinations. The seller has shared 15 user records and 24 email-password combinations to support their claims.”

The seller claims to have usernames, encrypted passwords, email addresses, complete names, physical addresses, and IP addresses for the platform users.

Researchers verified the authenticity of the data included in a sample set composed of US and UK users’ records.

Experts warn that attackers can use the PII in the data dump to carry out phishing campaigns, online and offline scams, and even identity theft.

“Usually our mobile numbers and email IDs are linked to banking, mobile wallet, and other online accounts. Having these details makes it easier for threat actors to compromise the victims’ accounts.” conclude the experts.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, LiveAuctioneers)

[adrotate banner=”5″]

[adrotate banner=”13″]