“Encrypted passwords” and contact details fall into the hands of unauthorised party.

LiveAuctioneers security breach puts user details at risk

LiveAuctioneers security breach puts user details at risk

LiveAuctioneers, the online website which broadcasts live auctions selling antiques, art, and collectibles, has warned that user details have fallen into unauthorised hands following a security breach.

In a statement posted on its website, LiveAuctioneers has confirmed that “an unauthorised third party” accessed user data for the past two weeks.

According to the auction-streaming website, the security breach occurred at an unnamed data processing partner of LiveAuctioneers:

Our cybersecurity team has confirmed that an unauthorized third party accessed certain user data in the past two weeks through a security breach at a LiveAuctioneers data processing partner.

The data that has been accessed could include user account information like names, email addresses, mailing addresses, visit history, phone numbers, last four digits of credit cards, credit card expiration dates, and encrypted passwords. Not all of this information may have been present on your account. Please also know that complete credit card numbers were not accessed.

LiveAuctioneers claims to have blocked the unauthorised party’s access to the data, and disabled user passwords.



Sign up to our newsletterSign up to Graham Cluley’s newsletter – “GCHQ”
Security news, advice, and tips.

Users are encouraged to change their passwords on the website, but I would go further and recommend that if any LiveAuctioneers users have made the mistake of using that same (now breached) password anywhere else on the internet, they need to change that too.

Reusing passwords is never a good idea, as hackers will often take passwords stolen in one data breach to break into other accounts.

Frustratingly, LiveAuctioneers does not share any details of what it means by “encrypted passwords” – meaning that it is hard to calculate the likelihood of a malicious party being able to crack and abuse them.

Of course, passwords are not the only details which are potentially now in the hands of cybercriminals. Exposed data also included users’ email addresses, phone numbers, partial credit card details, and postal addresses – all of which could be exploited by a scammer.

LiveAuctioneers says it takes the protection of member information “very seriously,” and is inviting users who have questions or see any suspicious account activity to contact its customer support team.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

Follow me for more information.