Nothing fine about it – Sotheby’s data breach
  • Table of contents

The author

user_image
Gil

Table of contents

Related Articles

Research

Facebook Hidden Friends Vulnerability (With “fb-hfc” released)

We reported the hidden friends vulnerability to Facebook; this lets attackers reconstruct the private Friends...
May 29, 2014
Learn more
Tech Talks

Welcome to The Cyber Feed

Over the past three decades, IT security solutions have developed to effectively secure most networks...
Jun 30, 2015
Learn more
Research

Nothing fine about it – Sotheby’s data breach

Dec 10, 2018

Following reports on social media and notification to the California Department of Justice, yet another retailer is preparing to communicate details of a breach to their customers. In this instance, the Art dealer and auction house Sotheby’s became aware of unauthorized changes to their ‘Sotheby’s Home’ website on 10 October 2018 and, based on their release (Figure 1), they believe that this code was present since at least March 2017.

As is to be expected with a Magecart compromise, the data believed targeted includes customer payment card details as well as their contact details.

Whilst technical details of this incident have not been shared, investigations conducted by Cyberint identified a historical script injection leading to an obfuscated Magecart JavaScript hosted on a now offline website.

Download the full report including investigation and recommendations chapters

Sothbey's Magecart_blog_image1Figure 1 – Sotheby’s draft notification letter

Download the full report including investigation and recommendations chapters

Uncover your compromised credentials from the deep and dark web

Fill in your business email to start