Heritage Auctions followup Oct. 21 (official)

swhuck · October 21, 2019 3:21PM

Our Email and phone systems are fully operational, and we expect the website to be up soon.

We have confirmed that we were the victim of a malware attack. We have no evidence and no reason to believe that there was any unauthorized acquisition of any client or company data. Additionally, client financial information such as credit card numbers and bank account information is maintained and secured by the payment provider. Further, all HA.com passwords are encrypted.

All currently affected auctions will be extended or rescheduled, with revised schedules posted once HA.com returns to service.

TomB · October 21, 2019 3:57PM

This reads as though it is the best case scenario to an awful situation. I hope you are successful and also hope no one has their information compromised.

jmlanzaf · October 21, 2019 4:05PM

I look forward to lustily bidding soon

Boosibri · October 21, 2019 4:08PM

Thanks for keeping us informed!

Coinstartled · October 21, 2019 6:37PM

Good news. Looking forward to the next coin auction.

messydesk · October 21, 2019 6:44PM

Thanks for keeping us posted.

alefzero · October 21, 2019 7:00PM

Excellent news to what could have been disastrous. Thanks for the update!

Traz · October 21, 2019 7:07PM

Having “no evidence” does not mean nothing was stolen. Until we get an answer as to what type of attack it’s always safe to assume your information was stolen. This wasn’t done for fun.

scubafuel · October 21, 2019 7:50PM

The fact that whatever it was crashed out the site/database is actually a sign that the goal might not have been stealing data. Data thefts are generally done as quietly as possible, for obvious reasons. That’s why so many companies end up saying “we just realized someone breached our servers two years ago...”

kuwegg57 · October 21, 2019 9:38PM

I won a coin on Friday. I wonder if I'm still the winner?

keets · October 22, 2019 4:52AM

Our Email and phone systems are fully operational, and we expect the website to be up soon --- October 21, 2019 6:21PM.

please define"up soon" as used in the OP. we are now in Day 5 and this seems pretty serious. my thoughts are that the entire problem is being minimized by Heritage for obvious reasons. perhaps there should be something in place for customers to disable/delete there current account and start fresh.

jmlanzaf · October 22, 2019 5:52AM

@keets said:
Our Email and phone systems are fully operational, and we expect the website to be up soon --- October 21, 2019 6:21PM.

please define"up soon" as used in the OP. we are now in Day 5 and this seems pretty serious. my thoughts are that the entire problem is being minimized by Heritage for obvious reasons. perhaps there should be something in place for customers to disable/delete there current account and start fresh.

Changing passwords when they come back should be sufficient. As long as the financial information was, as they say, on a separate site, there really shouldn't be a problem.

messydesk · October 22, 2019 6:22AM

@keets said:
Our Email and phone systems are fully operational, and we expect the website to be up soon --- October 21, 2019 6:21PM.

please define"up soon" as used in the OP. we are now in Day 5 and this seems pretty serious. my thoughts are that the entire problem is being minimized by Heritage for obvious reasons. perhaps there should be something in place for customers to disable/delete there current account and start fresh.

I'd rather they take their time conducting a thorough root cause analysis, be rigorous about fixing it, and carry out thorough testing, including scheduling "ethical hacking," than hurry something along. Whenever they say that everything is fine, they have to be right.

keets · October 22, 2019 8:02AM

John, didn't they sort of say that with the OP??

messydesk · October 22, 2019 8:30AM

@keets said:
John, didn't they sort of say that with the OP??

Sort of. They said what happened, but didn't disclose how it happened and why it wasn't prevented, nor would I expect them to in this case.

tommy44 · October 22, 2019 8:49AM

Hummmm, interesting that I got a email from Heritage on October 2nd stating that the credit card I had on file was expiring 11/1/2019. It's a credit card I no longer use and it was cancelled about a year ago so I ignored the message figuring I would use a new card on my next purchase. I wonder if that email had anything to do with the attack.

Hemispherical · October 22, 2019 11:03AM

@jmlanzaf said:

@keets said:
Our Email and phone systems are fully operational, and we expect the website to be up soon --- October 21, 2019 6:21PM.

please define"up soon" as used in the OP. we are now in Day 5 and this seems pretty serious. my thoughts are that the entire problem is being minimized by Heritage for obvious reasons. perhaps there should be something in place for customers to disable/delete there current account and start fresh.

Changing passwords when they come back should be sufficient. As long as the financial information was, as they say, on a separate site, there really shouldn't be a problem.

Did a double take and had to wonder why? (about the phone)

Then realization hit! Internet phone.

Checking my ol’ fashioned landline.

Still got a dial tone.

Zoins · October 22, 2019 7:57PM

@kuwegg57 said:
I won a coin on Friday. I wonder if I'm still the winner?

Let us know

emeraldATV · October 22, 2019 9:50PM

Well, insn't that special !
Thank You, for the update.
I was just worried about your PR, which seems to be in order.
But what do I know. Cool .

kuwegg57 · October 22, 2019 10:43PM

Heritage website back online. I'm still the winner of the coin. Just waiting for the invoice.

Heritage Auctions followup Oct. 21 (official)

Comments

Leave a Comment