04 August 2020
Anyone with an account at online bidding portal, Live Auctioneers, must now change their password after hackers stole email addresses and account details.
Live Auctioneers has confirmed that its systems were compromised during a cyber attack in June, with the result that customer’s email, phone number, passwords and visit history had all been stolen. All passwords and accounts were subsequently frozen. If you have an account you now need to go to the log in screen and request a new password. However, the bigger danger is if you use similar passwords on other websites as the hackers will now try to access other online accounts using your details and the same password. If you do have any other online activities that used the same, or similar, password, then you are advised to change them immediately.
The full press release from Live Auctioneers concerning the cyber attack is as follows:
‘We take the protection of your information very seriously. Unfortunately, we are writing to inform you about a data security issue affecting your LiveAuctioneers bidder account information. We are deeply sorry for any concern or inconvenience this may have caused, and are working quickly to take the appropriate steps to prevent such incidents in the future. We hope that in time we can regain your trust, which we value above all.
Our cybersecurity team has indeed confirmed that following a cyber attack against one of our IT suppliers on June 19, 2020, an unauthorised third party managed to access certain personal information from our bidder database. We were notified of the incident on July 11, 2020 and began notifying bidders that day through email and our website, based on how recently the bidder had used their LiveAuctioneers account.
LiveAuctioneers was one of a number of their partners who experienced a breach since this IT supplier’s security was compromised. Our cybersecurity team has ensured the unauthorized access has ceased.
What Information Was Involved
The data that has been exposed includes user account information like names, email addresses, mailing addresses, phone numbers, visit history, and encrypted passwords (the unauthorised party however managed to decrypt passwords after the cyber attack). Not all of this information may have been present on your bidder account. Please also know that complete payment card numbers were not accessed, and we have no reason to believe auction history was affected.
The exposure of your LiveAuctioneers credentials (i.e. login and password) could affect other online accounts you may have (if they use the same or similar credentials). You could also be exposed to impersonation and phishing attempts.
What We Are Doing
As soon as we became aware of this incident, we blocked the unauthorised access to bidder account information and disabled your most recent LiveAuctioneers password.
We have taken immediate steps to improve our security and prevent such incidents in the future:
We have suspended our relationship with the compromised IT supplier.
Our security tokens and passwords throughout LiveAuctioneers’ systems have been replaced.
We have implemented stronger password encryption.
We have partnered with leading cyber security experts to further secure our website, mobile apps, and systems.
We are working with government authorities to bring the perpetrators to justice.
Multi-factor authentication for all back-end services have been implemented.
We are analyzing and monitoring our source code to address any vulnerabilities..
We are continuing to upgrade our network infrastructure.
We will be implementing stronger password requirements.
What You Can Do
All passwords created before July 11, 2020 have been disabled. If you have not already done so, we encourage you to change your password.
For not logged in bidders: You can access your account by creating a new password, following the steps below:
Visit https://www.liveauctioneers.com/ and click ‘Log In’ on the top right-hand corner of the page.
Click ‘Forgot Password’ on the login window.
Enter your email address used for and click ‘Send Reset Instructions’.
Check your email and follow the link provided to reset your password.
For already logged in bidders: Please click the dropdown from your user icon in the top right corner and click ‘Account Settings’. From here, click ‘Change Password’.
To help further protect your personal information, please remember: Do not use same or similar credentials for other online accounts. Change any and all passwords that used the same or similar credentials as those used for your LiveAuctioneers account.
Can't get to the newsagents for your copy of The Armourer? Order it online (now with free postage!) or take out a subscription and avoid the general public for the next 12 months entirely. And if you're confined to quarters, stock up on some bookazines to keep you entertained.
Buy the latest copy or any back issues, either in print or digital editions by clicking on The Armourer.
Buy a copy of Aircraft of the RAF, featuring 595 flying machines, for £7.99 by clicking here.
Or how about a copy of the Collecting German Militaria bookazine? Click here to buy this.
And we still have a few copies of 100 Years of the RAF 1918-2018 left as well.