LiveAuctioneers has disclosed a data breach after a well-known data breach broker began selling 3.4 million stolen user records on a hacker forum.
LiveAuctioneers is an auction site that allows people worldwide to bid on auctioned items in real-time.
On July 10th, 2020, a data breach broker began selling a database that allegedly contains 3.4 million user records stolen from the LiveAuctioneers' site.
BleepingComputer was told by the data broker that the database is being sold for $2,500.
This data allegedly contains user's email addresses, usernames, MD5 hashed passwords, names, phone numbers, addresses, IP addresses, and social media profiles.
LiveAuctioneers database sold on a hacker forum
In addition to the this data, the seller stated that 3 million of the accounts had their passwords decrypted, which were included in the sale.
This type of data is a treasure trove for threat actors as it can be used in targeted phishing attacks and credential stuffing attacks at other sites
The user records were later verified by cybersecurity intelligence firm CloudSEK who was able to confirm verify the data for various users listed in the sold database.
"Using public sources we were able to verify various fields such as mobile number, physical address and email address in the sample data. The sample has a mix of US and UK users’ data," CloudSEK stated in a report.
LiveAuctioneers discloses a data breach
On July 11th, a day after the database was listed for sale, LiveAuctioneers posted a security notification stating that they suffered a data breach.
Accord to the data breach notification, the site's data was compromised on June 19th, 2020, after a ..
Support the originator by clicking the read the rest link below.
