Cyber Threat Actor: LiveAuctioneers Data Processing Partner
| Actor Type | Location | Known Incidents |
Criminal
|
United States of America
|
1 incident |
|---|
Profile
LiveAuctioneers Data Processing Partner is the alias used to describe the threat actor responsible for the June 2020 breach of the LiveAuctioneers online auction platform. The actor is known to operate from the United States of America, as indicated in the available attribution information. The intrusion was carried out by gaining unauthorized access through a third‑party data processing partner that had legitimate connectivity to LiveAuctioneers’ systems, highlighting a supply‑chain‑style approach. The primary sector targeted was the online commerce and auction industry, with the victim’s user base spanning primarily the United States and the United Kingdom, as later verified by a cybersecurity firm. The strategic objective evident from the incident appears to be financial gain, given that the stolen dataset was subsequently offered for sale on a hacker forum and included decrypted credentials for approximately three million accounts. No public statements link the actor to espionage, disruption, or state‑sponsored motives, and any such interpretation would exceed the evidence provided.
The actor’s tactics, as described in the public report, centered on exploiting the trust relationship between LiveAuctioneers and its data processing partner rather than deploying custom malware or leveraging known exploit kits; the initial access vector was the compromise of that partner’s credentials or infrastructure. No specific malware families, tooling suites, or post‑exploitation frameworks were mentioned in the source material, so the actor’s tooling style remains unspecified beyond the use of legitimate access channels. The breach resulted in the exfiltration of roughly 3.4 million records containing email addresses, usernames, MD5‑hashed passwords, names, phone numbers, physical addresses, IP addresses, and social‑media profiles, which were later verified to match samples of U.S. and U.K. user information. Following the discovery, LiveAuctioneers forced a password reset for all users and warned the community to remain vigilant against phishing attempts that might leverage the exposed data. No further campaigns or affiliated operations have been publicly attributed to this alias, and no connections to criminal consortia or state actors have been established in open sources. Consequently, the profile of this threat actor is limited to the single financially motivated incident involving a third‑party data processing partner.
