Heritage website down (official)
swhuck
Posts: 546 ✭✭✭
Heritage would like to thank everyone for their patience as we work to restore our website. We apologize for any inconvenience.
We have confirmed that we were a victim of a malware attack. Please be aware that client financial information (e.g. credit card, bank account info, etc.) is maintained by a third-party provider and is thus not affected.
We expect to be back online soon.
All currently affected auctions will be extended or rescheduled, and we will notify everyone accordingly.
More updates soon.
Sincerely,
Stewart Huckaby
mailto:stewarth@HA.com
------------------------------------------
Heritage Auctions
Heritage Auctions
2801 W. Airport Freeway
Dallas, Texas 75261
Phone: 1-800-US-COINS, x1355
Heritage Auctions
Stewart Huckaby
mailto:stewarth@HA.com
------------------------------------------
Heritage Auctions
Heritage Auctions
2801 W. Airport Freeway
Dallas, Texas 75261
Phone: 1-800-US-COINS, x1355
Heritage Auctions
Tagged:
11
Comments
Thank you for the update. We appreciate it.
The update is certainly appreciated.
Thanks for the notification and especially the extracted quote:
“Please be aware that client financial information (e.g. credit card, bank account info, etc.) is maintained by a third-party provider and is thus not affected.”
It is important for Heritage to declare whether this was malware or ransomware. Malware will affect systems by stealing passwords, usernames and other information is stored on Heritage systems. Ransomware on the other hand will encrypt the computers until a specific amount is paid (usually in bitcoin). Even paying this will not guarantee anything on unencryption of the computers.
That being said it’s at least good to know we have an official response. But I can not imagine malware taking the whole network down.
Wish Heritage the best.
As a specialist I would recommend if you use the same password on heritages site on any others that you change it immediately. The bank information may be in a third party but I doubt the login info is.
My Type Set & My Complete Proof Nickel Set!
Very sorry to hear. That's what was suspected. We appreciate you letting us know the status and that our financial info is safe. Hope that you are able to get up and running soon.
Sometimes, it’s better to be LUCKY than good. 🍀 🍺👍
My Full Walker Registry Set (1916-1947):
https://www.ngccoin.com/registry/competitive-sets/16292/
so Heritage be kind enough to tell us: ransomware or malware
Kennedys are my quest...
I pay with plastic so it is probably tupperware.
They said malware in the announcement. I also see no reason to care. Take the normal security measures you use [change passwords, etc] and be done with it.
That is just plain stupid that a company as large as HA is subject to a malware attack. Easy and cheap to avoid.
bob
Is that true? I doubt it. Otherwise none of the infamous attacks would have happened.
This is blatently, egregious wrong information.
The fact is offense is everything. The internet is essentially one huge un-fixable problem. The whole idea of a packet is "accept this for processing". It is IMPOSSIBLE to keep good hackers out.
The best tech people are the ones who KNOW they've been hacked. Everyone gets hacked. Period.
Minor Variety Trade dollar's with chop marks set:
More Than It's Chopped Up To Be
The malware had to be introduced into the system.
-Visit the wrong site and clicking that popup
-Someone plugged in a USB drive or some other media to upload something but it was already infected
-Fired/dissatisfied employee (see above)
-Etc... back to the first sentence... someone...
People are low hanging fruit for access, but they aren't needed. They are just easy.
Minor Variety Trade dollar's with chop marks set:
More Than It's Chopped Up To Be
People are harsh. Those same people would fall for the spearphishing attempts, I bet.
I bet very very few would be able to tell the difference between a regular email and a properly formed spearphishing email.
It gets better: a lot of the time, the only way to tell the difference is if the "real" email uses properly configured digital signatures. Who digitally signs all of their emails? (in my experience - and this is my area of expertise - less than 1% of the population of professionals do so).
Like I said, low-hanging fruit. All it takes is some crafty person to send those bad emails, and access is just that easy.
For people who actually do follow best practices, etc - well, then access comes differently. AKA: All of the man-in-the-middle attacks, man-on-the-side, boy-in-the-middle, etc. There are plenty of real life - used every day attacks that do NOT require a human to "mess up" by doing something they shouldn't be doing.
Thus is the current state of the world.
But some people make it easy. And some people make it trivial. (Yes, I'm pointing at you Sony)
E.g.: You're not supposed to store passwords. You're supposed to store salted hashes of passwords... So, if heritage auctions uses proper security, they CANT leak your passwords (of course, plenty of websites leak passwords every day).
Minor Variety Trade dollar's with chop marks set:
More Than It's Chopped Up To Be
Heritage? What's heritage? Only heritage I know is the old folks home in Pittsburgh/Squirrel Hill area. Everything up here. Semper Fi!
The whole worlds off its rocker, buy Gold™.
Correct.
This discipline is part of what I do for my job. Not a technical expert by any means but part of my job is to evaluate the adequacy of preventive and detective measures in corporate networks. You mentioned Sony. My recollection is that Target was compromised unknowingly by one of their vendors (HVAC?). Most people would be surprised that even the largest and believed to be most sophisticated firms overlook controls that open the door to compromise.
No one is perfect and all it takes is one mistake.
This could be a coincidence, but just received an email from an alert system to notify me that the email I use to log in HA.com has been detected today on the dark web... there you tell me. Have been changing passwords and looking into accounts last half hour.
You should make this a new thread so everyone is more likely to read it. This is important.
What service do you use that detected that?
Great transactions with oih82w8, JasonGaming, Moose1913.
@ms70 I got an alert from Norton Identity Protection myself on Friday. It's hard for me to take those alerts seriously. I take it as a given that my email is on the dark web... and in fact when I logged into my Norton account there were several other alerts that I'd forgotten about, from last year and the year before.
I figure that anyone who wants my info can get their hands on it somehow. There are some things I'm more careful about, such a my social security number, but really, I'm sure that's out there also.
Maybe CreditKarma
I should add -- there's one flavor of email spam / blackmail that uses your password in the subject line as proof that they've hacked your account. I have one main email address, but I use a separate password for each site, so I knew exactly which site had been hacked. See various discussion online. If you're concerned about identifying which sites were hacked, this is something to watch for in your mailbox or spam folder.
The problem is worse than people making mistakes! Of course, mistakes are impossible to prevent. Consider that most large firms have tens of thousands of internet connected devices. To keep all of them updated with just the recent security patches takes hundreds of employees. It's a relentless, endless pursuit. There are hundreds to thousands of identified bugs in just the top 20 most used programs every year.
And then consider zero-days. Game over. Offense wins.
I mean, all one has to do is go to Las Vegas during the BlackHat conference and use your phone with a cellular tower. If you've done so for the past 3 years running, then your phone has been compromised because the CELLULAR towers are hacked by participants of the conference.
Offense wins - and there is nothing any of us can do to change it.
Minor Variety Trade dollar's with chop marks set:
More Than It's Chopped Up To Be
Has anyone noticed when going to their home page a warning of some sort saying unsecured web page? I have gotten that or something similar to that for a long time. My brouser urges me not to go there I need to click take me there anyway.
Just wondering
Thanks
Martin
+A nefarious person wouldn't even really need to gain internal access to shut down most websites. They can simply DDOS attack- using a bot-net to overwhelm the server with traffic from IPs around the world.
Caution should be taken with emails if they are used for password/identification recovery. This is one of the key reason why there’s an “alert” and of the interest to certain denizens of the DW.
If the email is not used for password recovery/ID then your fine.. but are you sure you have not?
How it works?
-access to your email
-find a site you visit
Then...
—select forgot password at the site you visit and send password/recovery info to email
—check email
—access site and download any personal information found
—keep on digging and hoping to get lucky to your bank/cc online accounts; deceased relative info; newborn info (jackpot! Get that SSN, it’ll be years before the child will do a credit check or use credit; but a “denizen” can make a valid false identity for at least a decade or so with that SSN.)
By the way, there are “toolz” that automate the process.
—————
Back to changing a few passwords and some caffeine.
I will make a new thread.
The service was CreditWise, and no, was not a spam asking for ID or password, this was a legit notification.
I got the same from a different credit monitoring service
mbogoman
https://pcgs.com/setregistry/collectors-showcase/classic-issues-colonials-through-1964/zambezi-collection-trade-dollars/7345Asesabi Lutho
I love Malwarebytes. Full version.
I love Mallomars bites with some milk.
Indeed- although theyd probably have to do it in a special way since there does exist defenses against ddos attacks these days.
botnets are very dangerous. they essentially unlock supercomputer capabilities to criminals. Any server that is malformed, uses bad security (in any way - but most notably account security/passwords/etc) are vulnerable to botnets.
I feel like this thread is starting to become educational!
Minor Variety Trade dollar's with chop marks set:
More Than It's Chopped Up To Be
For this same reason, on all accounts that ask for "security questions" - I always find out the maximum size answer and fill answers with random passwords. aZ!* - max character count is usually over 60 for such answers. The security questions often provide greater security than the passwords, except for one problem...
They usually are not stored as salted hashes!!** which is huge. Most of these answers are stored as text, and the human (humans are ALWAYS the weakest link) have direct access to the answers.
For this reason, not only do I randomize them, but I change them EVERY time I have to use them - or 60 days - whichever is shortest.
Minor Variety Trade dollar's with chop marks set:
More Than It's Chopped Up To Be
I have a lot of sympathy for Heritage. I have several websites that have been hacked. Was a pain in the arse to fix because I am not in tune with this technology. I can only imagine a site like Heritage going down and then getting it back on line. Ben Franklin once said a ounce of prevention is worth a pound of cure. I would think that they would be paying special attention to the security of their site with all the breeches happening. Maybe a employee who had access to the guts of their website did this. I find it hard to believe a outsider got in but I don't know the precautions Heritage had in place. Good luck Heritage and get back on line soon.
Haven't done business with them for 20 years hopefully my info. is safe.
Seems I have been out of the loop (workforce) far too long. Upon doing a bit of reading I see that the bad guys got better than the good guys and the ads for Norton, Lifelock, etc on tv really are just hype.
Sorry for the insult HA...hope your employee that did the damage is outed...that sucks.
I know that when last working for a large company (Miracle Ear) I our computers were not on the internet and were "dedicated" company computers. However, I never thought of an inside source for the problem....what has this world come to?
bob
LOL, I went to Ga. Tech in 1977. They were hacked last year and I received a letter warning me about it from Ga. Tech.
Malwarebites caused me to buy a new computer. Turned out it was fighting my antivirus program!
I think they should thank their lucky stars this didn't happen during a major auction/coin show.
Oh, right, so you should only have 1 antivirus program active on a computer. otherwise, they dislike each other and cause major problems.
Minor Variety Trade dollar's with chop marks set:
More Than It's Chopped Up To Be
Exactly. GA Tech is #1 in cyber security - and even they got hacked.
Minor Variety Trade dollar's with chop marks set:
More Than It's Chopped Up To Be
Only can know what is being told, but this is an extraordinarily long outage to be just a matter of a simple restore, even with new hardware (fresh disks). One would speculate ransomware and the engagement of federal authorities investigating the incident. While we do not know the source of the exploit, this is the sort of risk taken when expanding operations to run auctions in global markets. It also appears clear that less regard was paid to high availability and redundancy. Hopefully, recent full backups are maintained offsite and not continuously directly or network connected. I know the first place I'd go are the system config files and cron scripts (or the analog) to identify such and wipe them clean first. Certain systems should also not be connected to the general network and dual homing is a huge risk. The big questions are what do they have to restore and what exactly was compromised. It is absolutely understandable to keep much of that under wraps while investigations and remediation is underway. However, there is a point, after several days, that it becomes a liability for them to withhold known compromised personal data. The consignors and customers deserve the benefit of knowing and handling it, in part, as they choose as an immediate action. Their legal staff might consider the volume of lawsuits that might precipitate from stalling on such. Since they are quite developed, the reasoned speculation is that they had quickly determined what was potentially compromised, in that respect, and that nothing serious has been.
Best scenario is probably they simply need to rebuild their system to close security holes and test it, further comb over every bit of backed up content (intended for restore) with experts to make sure there are no trojans or similar. Their business is based on trust and Heritage really needs to convince the community that they are safe bidding once they resume operations. A complete redesign, build, and test is impractical. It is better that whatever they need to do is done right and not rushed. Hope they really have a good handle on it all.
Do we know it wasn't during a major show? Remember, they aren't just a coin auction company. They run so many auctions weekly, it could have been a major show for a different collectible segment.
First they need to figure out where it came from using their SIEM software. Bringing up the whole thing with a vulnerability in place would just cause it to happen again.
Second if it ransomware don’t just think severs. Think workstations also, which are usually never backed up.
I just want to know if I won my lots I had bids in 🤪
My Type Set & My Complete Proof Nickel Set!
LOL! Unless things have changed...Virus Programs always used to conflict with each other! Do you run more than 1 virus program?
Depends on the SIEM software, who is using and configuring it, what it covers/manages, ... The nature of their services might produce a lot of false positives as well as the drain on limited resources can tempt a company to relax some of the parameters and disable some monitoring. It is a serious matter which they are most certainly taking very seriously. Exploiting a big enterprise will be done a smartly as possible and with as devastating consequences as possible. Going to be a messy cleanup at the very least.
You're so right. Sometimes I get so caught up in the coin bubble, I forget about things like that.
Hope the site gets fixed quickly, there are many things I want to bid on!
Many members on this forum that now it cannot fit in my signature. Please ask for entire list.
I was a consultant to Georgia Tech about eight years ago and received the same letter about three or four months ago.
I run one main anti-virus. I also run a suite of other tools - registry cleaners, etc from time to time. I also keep windows defender on. Ive also configured my router to run a better firewall than the one shipped with it.
I could do more, but, alas im lazy - and all of my money is currently FDIC insured. Im not THAT rich :d
Minor Variety Trade dollar's with chop marks set:
More Than It's Chopped Up To Be
Given the size and nature of the business, I'm assuming the feds might be assisting in the investigation?
Great transactions with oih82w8, JasonGaming, Moose1913.