Ryan
i can only pass on what the software provider tells me, and what my direct communications with the server company, which i have insisted on tell me.
In this instance, Goldin deployed every possible tactic to protect ourself. We had cloudflare installed (which is NOT something that SA offers standard, apparently we were the first user to use it) , we had other measures taken by the server company, which i would say are extraordinary as i am not even their customer, SA is but i insisted.
at the end of the day, the hackers found a way to attack a DIFFERENT SA customer, which effected the cloud and impacted my close. once that was detected, they shut down the other company's website.
The purpose of the attacks has never been user data. this is not a phishing, data, or malware attack. This is simply an attack to cause disruption. no personal or private information is at risk or has ever been at risk or exposed. When you are successful you become a target, and its cheap and easy for someone to go to dark web to pay someone in Russia or China to attack a site. We implemented a long term plan in May and will be following that plan. in meantime we will continue to do everything we can to ensure successful close and successful auctions. all my consignors and the overwhelming majority of my bidders were happy. Everyone had a chance to get a bid in, because knowing of this potential, we implemented a procedure in our rules and in practice to extend bidding if bidders are blocked from access. Again, importantly, this was and there has no been data breach, private info breach, phishing,etc. This is simply an issue of someone screwing with Simple Auctions Servers to slow them down or shut them down to embarrass someone. you can determine if that is them, or that is their customers, and in this case Goldin Auctions. All we know is what we must do long term to ensure the continued growth of our business, and satisfaction of our bidders and consignors.
Quote:
Originally Posted by Rhotchkiss
Why do you think some hacker is targeting Goldin specifically? Also, is there concern that hackers' efforts is not limited to messing with an auction, but could extend to taking personal and private information of those who have registered with Goldin? If your service provider is unable to stop hackers from jacking with the auction, twice now, what comfort do we have that the same service provider is keeping personal information private?
I am not trying to be difficult - I like Goldin and bid regularly in their auctions (especially when you have vintage baseball cards), so this post is not intended to be "trouble making". Rather, I am genuinely concerned as to security in general and would appreciate some explanation that gives bidders and consignors comfort that their private info remains such, especially in light of back-to-back auction hacks.
Thank You
Ryan Hotchkiss
|