Researchers at CloudSEK claim to have found evidence of the sale of a database containing 3.4 million users of an online art and antique auction website.
Experts Comments
I strongly urge Live Auctioneers customers to change the password for their account on the affected site.
It's a bit ironic that users of an auction site are now seeing their login credentials and personal details being auctioned off to the highest bidder. Data breaches such as this one should prove a fair warning to all online users to stay away from using the same login and password combination on multiple websites. It should also provide a warning to websites and services that persist in encrypting user information by using antiquated encryption methods.
I feel like a broken record, but I...
Account compromise attacks continue to net profits to cybercriminals. You should always use unique usernames and passwords for every application and system you touch. Hopefully, LiveAuctioneers customers did not reuse their username/password combinations for any other systems or applications. When it comes to protecting corporate assets, the best way to identify account compromises or account takeovers is with behavior analytics. Cybercriminals can steal credentials but they cannot steal...
The use of MD5, an obsolete hash algorithm, is a major oversight by LiveAuctioneers et al. MD5 was proven vulnerable in 2010 and successful major attacks started emerging as early as 2012, so there's really no reason to be using it a decade later. Despite that, MD5 is still widely used, including for password hashing. Organisations still using MD5 should immediately upgrade to SHA2 or better.
LiveAuctioneers users should immediately change their passwords. That includes any other accounts that...
Laurence Pitt, Global Security Strategy Director at Juniper Networks
“While there is nothing to say that the stolen data came from a single breach, what this emphasizes is the need for people to regularly update passwords and use 2FA wherever possible. With tools like Microsoft Authenticator and 1-Password making this so easy, there’s really no excuse for old and recycled passwords today.
The unfortunate reality is that hackers will steal whatever data they can lay their hands on and sell to the highest bidder. As the end user, this means we must take...
@Chloé Messdaghi, VP of Strategy, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Given the major amounts of monies involved in some of the art auctions on LiveAuctions, its customers should expect far better security...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/millions-of-liveauctioneers-passwords-offered-for-sale-following-data-breach