Saturday, June 29, 2019

Even the Art Industry is not Safe! Artsy Pwned



There are art galleries and museums throughout the nation. When the locality does not have a physical site, there is always the internet as a resource. There are services which provide an inlet into the art world for those of us not proximate to the larger museum. One of these services is Artsy, which is described as “…an online platform that offers views into the art world as well as works for sale…” (Dissent, 2019).

In February 2019, the CTO, Daniel Doubrovkine, emailed the service’s users notifying them of “…a data security incident that may have impacted your Artsy account data.” Merely reading this short portion of his sentence was a bit alarming. With all of the breaches in the retail and commercial industries, there tends to be sensitivity when this occurs.

This affected approximately 1M Artsy users. The affected data is believed to be the user’s name, email, and IP address. While this is still an issue, on the bright side, any credit card or banking information was not included. The business had not been notified of any actual fraud or attempted fraudulent events arising from this issue. The data is presumed to be on sale on the dark web.

Artsy recommended the users change their passwords. Also if the users happened to use the same passwords for other sites, which unfortunately occurs, the users were recommended to change these also. This is not a significant issue as the other data, as these were stored as hashes.

Unfortunately, the method or vector for the successful attack had not been published. This would have been useful to share so others could learn from the issue and not compound the same problem. The attack does, however, highlight the importance of a thorough defense in depth for the perimeter and hashing passwords, for this use case.

Resources
Dissent. (2019, February 14). Artsy alerts users of data-security breach; report claims hacked information for sale. Retrieved from https://www.databreaches.net/artsy-alerts-users-of-data-security-breach-report-claims-hacked-information-for-sale/

Greenberger, A. (2019, February 14). Artsy alerts users of data-security breach; report claims hacked information for sale. Retrieved from http://www.artnews.com/2019/02/14/artsy-data-stolen-security-incident/


Posted by at
Labels: , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)