Computer security analysts have uncovered that computer hackers that have hijacked the LiveAuctioneers database are offering up the stolen data on sale. This is done on the underground hacking markets. LiveAuctioneers is a large portal for putting up art and antiques on sale.
LiveAuctioneers Database Hijacked By Hackers and is Now On Sale: Sensitive Personal Credentials Offered on The Criminal Market
Computer security experts have reported that there is evidence of a dangerous stolen credentials from a famous portal. According to the available information a hacking group was able to hijack the LiveAuctioneers portal — one of the famous arts and antiques auction sites. News about the breach were published on Saturday last week when the service published an official statement about the hacker attack. According to the audit made by the auctions site the fault was discovered in one of the data processing partners and not in the servers that are directly operated by them. However no detailed information is given at this time about the scale of the attack and how many servers are impacted.
The day before the public announcement one of the underground markets has been found to contain an auction for hijacked data from the auction portal. A hacker or a hacking group has cannoned the availability of 3.4 million impacted username alongside 3 million name and password combinations. The detailed data includes the following information:
- Email addresses
- Usernames
- Names
- Phone numbers
- Physical Address Data
- IP Address
- Social Media Profile Links
- Passwords
In order to prove that the data has been hijacked by them they provide a sample set of stolen information – specifically 15 user records and 24 email & password combinations. This data is available on demand in order to verify that the stolen data are indeed valid.
As more information becomes available we will keep on watching for details about the breach, specifically the vulnerability that has been used. We suggest that all LiveAuctioneers users change their credentials as soon as possible to prevent from having their accounts abused further.