3.4M LiveAuctioneers users’ PII and cracked passwords for sale on data sharing forum

Unauthorized third party accessed user data of the online bidding, auctioning forum, through a security breach, confirmed by LiveAuctioneers in a statement.
Updated on
April 19, 2023
Published on
July 13, 2020
Subscribe to the latest industry news, threats and resources.
CloudSEK has discovered a data leak that contains sensitive information of 3.4 million users of liveauctioneers.com. LiveAuctioneers is an online bidding and auctioning forum for art, antiques, jewellery, and collectibles.  On 11 July 2020 LiveAuctioneers posted a statement on their website confirming that an unauthorized third party had accessed their user data, through a security breach at a data processing partner, on 19 June 2020.   

Discovery of the leak

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 3.4 million LiveAuctioneers users.  The post was published on 10 July 2020 at 07:25 PM, a day before the statement from LiveAuctioneers. The poster is selling 3.4 million users’ data and 3 million cracked username password combinations. The seller has shared 15 user records and 24 email-password combinations to support their claims.  LiveAuctioneers 

The contents of the leak

The sample records contain 15 users’: 
  • Email address
  • Username
  • Encrypted passwords
  • First name
  • Last name
  • Physical address 
  • IP address (in some cases)
The seller also claims to have cracked the MD5 encrypted passwords and has shared a sample that contain 24 users’:
  • Username
  • Cracked passwords
LiveAuctioneers claims that unauthorized access has been blocked and that they have disabled all bidder accounts’ most recent passwords.   

Data verification and validation 

Using public sources we were able to verify various fields such as mobile number, physical address and email address in the sample data. The sample has a mix of US and UK users’ data.  Cracked Sample LiveAuctioneers  


  1. Threat actors can use the PII in the data dump to orchestrate phishing campaigns, online and offline scams, and even identity theft.
  2. Usually our mobile numbers and email IDs are linked to banking, mobile wallet, and other online accounts. Having these details makes it easier for threat actors to compromise the victims’ accounts. 

Next Steps

Recommendations for the affected users
  1. Check if your LiveAuctioneers accounts have been tampered with. 
  2. Enable multi-factor authentication. 
  3. Don’t share OTPs with third-parties. While this is a rule of thumb, it is especially relevant in this case, because threat actors already have email IDs and phone numbers. So, the OTP is the only thing standing between threat actors and the victims’ accounts. 
  4. Review all online accounts and financial statements for suspicious activity. And change the passwords of accounts that have the same password as your LiveAuctioneers account. 
  5. Caution friends and family against threat actors impersonating you.
General Recommendations
  1. Use strong passwords.
  2. Enable multi-factor authentication for all your online accounts.
  3. Don’t share OTPs with third-parties. 
  4. Review online accounts and financial statements periodically. 
  5. Regularly update your apps and any other software you use.

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations