Simple Auctions Hacked Again

[Peter_Spaeth]

Quote:

Originally Posted by notfast

They keep having issues and have yet to move to a different auction host.

You’d think they would have moved on awhile ago because this is embarrassing.

Is there a viable alternative?

[Fballguy]

From Goldin...

[Aquarian Sports Cards]

Quote:

Originally Posted by Peter_Spaeth

Is there a viable alternative?

I certainly think there is!

[Lorewalker]

Quote:

Originally Posted by Peter_Spaeth

Is there a viable alternative?

Getting pretty old. There are other choices. Not sure why these houses are putting up with this and subjecting their consignors and buyers to it.

[BRoberts]

Quote:

Originally Posted by Lorewalker

Getting pretty old. There are other choices. Not sure why these houses are putting up with this and subjecting their consignors and buyers to it.

How has Bob Freedman never made a public post on this board regarding whether the thousands of people registered with the auction websites on his platform had their personal information compromised by the first "hackers" weeks ago? He finds time to post his memorabilia pickups but can't address this issue?

[sbfinley]

Quote:

Originally Posted by BRoberts

How has Bob Freedman never made a public post on this board regarding whether the thousands of people registered with the auction websites on his platform had their personal information compromised by the first "hackers" weeks ago? He finds time to post his memorabilia pickups but can't address this issue?

Stolen data briefing laws are almost universal now in all 50 states. I would venture to guess anyone who would have had personal data breached will be notified. Yeah it sucks not knowing (I’m probably registered at 20 SSA affiliated sites) but:

A) Most data breach notifications go out months after the initial attack, when the full scope of data stolen is accounted for.

B) If any data was stolen, by law the effected parties will be alerted.

C) They were probably advised not to discuss it until the above notices are posted.

[Exhibitman]

I hear they will be up and running again on Monday...

[mantlefan]

How many times does this have to happen until Auction houses start using another company? (Create Auctions) SA should have implemented security patches after the last attack.

[bnorth]

Quote:

Originally Posted by mantlefan

How many times does this have to happen until Auction houses start using another company? SA should have done a better job of protecting their data.

As long as customers keep bidding and the AHs make $ it will never change. We as collectors seem to turn a blind eye to a LOT of stuff.

[Peter_Spaeth]

Quote:

Originally Posted by mantlefan

How many times does this have to happen until Auction houses start using another company? (Create Auctions) SA should have implemented security patches after the last attack.

Has any auction changed companies since SA started having these problems or are they all just staying the course despite all the issues?

[BRoberts]

Quote:

Originally Posted by sbfinley

Stolen data briefing laws are almost universal now in all 50 states. I would venture to guess anyone who would have had personal data breached will be notified. Yeah it sucks not knowing (I’m probably registered at 20 SSA affiliated sites) but:

A) Most data breach notifications go out months after the initial attack, when the full scope of data stolen is accounted for.

B) If any data was stolen, by law the effected parties will be alerted.

C) They were probably advised not to discuss it until the above notices are posted.

Let's hope Bob Freedman knows the laws.

[autograf]

My nonsports auction is with SSA. I have done three auctions a year for the last two years. 2021 is the third year. I'll do Feb, Jun and October this year. The hack hasn't caused me many problems other than I had to push my Jan auction back to Feb. It sounds easy to just hop over to another software but it is not quite that easy. All the historical data would have to be ported over somehow and you'd have to learn a completely new software for running your auctions. It may come to that at some point and I'm sure other SSA users are considering jumping ship, but, for now, I'm staying put. As for information gathered, other than address and phone number which is important, my site doesn't collect any payment info--only paid through the PayPal API or via check/money order. And passwords are not visible to me through the software. I hope that's the case as, like most of you all, I'm registered with a number of SSA sites too. Last word I got was that the sites would be back up this afternoon.

[MCyganik]

I'm curious how these things work behind the scenes because for the layman like myself it sounds like a bad movie.

Auction Server gets taken hostage. Hacker claims responsibility, supposedly doesn't want info from the hostage, just wants money to release the hostage.

Server CEO has long-time IT experience, hires firm that specializes in internet hostage situations. "Never negotiate with terrorists!" customers say. They begin negotiating with the hackers.

Server CEO and hostage firm negotiate a settlement to release the hostage. "It's okay," they say, "in most situations the hacker just wants a lump sum and they'll go away".

The hacker releases the hostage. The Auction Server needs time to recuperate from the trauma but otherwise is intact and well-functioning. After a few days, life moves on.

3 Weeks Later

Auction Server is missing. Who is to blame?