CloudSEK has discovered a data leak that contains sensitive information of 3.4 million users of liveauctioneers.com. LiveAuctioneers is an online bidding and auctioning forum for art, antiques, jewellery, and collectibles.
On 11 July 2020 LiveAuctioneers posted a statement on their website confirming that an unauthorized third party had accessed their user data, through a security breach at a data processing partner, on 19 June 2020.
Discovery of the leak
CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a surface web database marketplace advertising the information of 3.4 million LiveAuctioneers users.
The post was published on 10 July 2020 at 07:25 PM, a day before the statement from LiveAuctioneers. The poster is selling 3.4 million users’ data and 3 million cracked username-password combinations. The seller has shared 15 user records and 24 email-password combinations to support their claims.
The contents of the leak
The sample records contain 15 users’:
- Email address
- Encrypted passwords
- First name
- Last name
- Physical address
- IP address (in some cases)
The seller also claims to have cracked the MD5-hashed passwords and has shared a sample that contains 24 users’:
- Cracked passwords
LiveAuctioneers claims that unauthorized access has been blocked and that they have disabled all bidder accounts’ most recent passwords.
Data verification and validation
Using public sources we were able to verify various fields such as mobile number, physical address and email address in the sample data. The sample has a mix of US and UK users’ data.
- Threat actors can use the PII in the data dump to orchestrate phishing campaigns, online and offline scams, and even identity theft.
- Usually our mobile numbers and email IDs are linked to banking, mobile wallet, and other online accounts. Having these details makes it easier for threat actors to compromise the victims’ accounts.
Recommendations for the affected users
- Check if your LiveAuctioneers accounts have been tampered with.
- Enable multi-factor authentication.
- Don’t share OTPs with third parties. While this is a rule of thumb, it is especially relevant in this case, because threat actors already have email IDs and phone numbers. So, the OTP is the only thing standing between threat actors and the victims’ accounts.
- Review all online accounts and financial statements for suspicious activity, and change the passwords of accounts that have the same password as your LiveAuctioneers account.
- Caution friends and family against threat actors impersonating you.
- Use strong passwords.
- Enable multi-factor authentication for all your online accounts.
- Don’t share OTPs with third parties.
- Review online accounts and financial statements periodically.
- Regularly update your apps and any other software you use.