Security breach at LiveAuctioneers site exposes user data

LiveAuctioneers, an online website which broadcasts live auctions selling art, antiques and collectibles, has warned that user details have fallen into unauthorised hands following a security breach.

According to LiveAuctioneers, their customer data was accessed through a security breach at one of their data processing partners. According to their statement:

"As of July 11th, 2020, our cybersecurity team has confirmed that an unauthorized third party accessed certain user data through a security breach at a LiveAuctioneers data processing partner that occurred on June 19, 2020. 

LiveAuctioneers was one of a number of their partners who have experienced a breach from an unauthorized party since this data processing partner’s security was compromised. Our cybersecurity team has ensured the unauthorized access has ceased. "

LiveAuctioneers are encouraging their users to change their passwords, but as we in the CyberSecurity community know, most users reuse their passwords. My advice to users would be twofold, change their passwords to somehting unique not only on this site, but everywhere else that they conduct financial transactions on the internet. that's lots of sites, so use a password manager like 1Password, DashLane of LastPass, even the freeware Keepass is better than not using a password manager.

This is a cautionary tale to business management on risk transference; shifting data processing to an external partner DOES NOT shift ownership and responsibility for that data to the third party. It actually places additional burdens on your company to ensure that the data remains safe at the third party.