3.4 Million user records from LiveAuctioneers hack available for sale

cloudsek.com
CloudSEK has discovered a data leak that contains sensitive information of 3.4 million users of liveauctioneers.com. LiveAuctioneers is an online bidding and auctioning forum for art, antiques, jewellery, and collectibles. 

On 11 July 2020 LiveAuctioneers posted a statement on their website confirming that an unauthorized third party had accessed their user data, through a security breach at a data processing partner, on 19 June 2020.

Discovery of the leak

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 3.4 million LiveAuctioneers users. 

The post was published on 10 July 2020 at 07:25 PM, a day before the statement from LiveAuctioneers. The poster is selling 3.4 million users’ data and 3 million cracked username password combinations. The seller has shared 15 user records and 24 email-password combinations to support their claims.

cloudsek.com


The contents of the leak

The sample records contain 15 users’: 

  • Email address
  • Username
  • Encrypted passwords
  • First name
  • Last name
  • Physical address 
  • IP address (in some cases)

The seller also claims to have cracked the MD5 encrypted passwords and has shared a sample that contain 24 users’:

  • Username
  • Cracked passwords

By at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

FortiManager Zero-Day Exploit: Fortinet Issues Urgent Security Warning

  Fortinet Issues Urgent Warning About Critical FortiManager Vulnerability (CVE-2024-47575) Fortinet has publicly disclosed a critical vulne...