Quidd

Quidd operates as an online marketplace specializing in digital and physical collectibles, commonly known as Quidd Marketplace or Quidd Collectibles. The platform facilitates the buying, selling, and trading of various collectible items, catering to enthusiasts seeking unique digital assets and tangible merchandise. Its primary market appears to be consumers within the collectibles sector, leveraging an online storefront accessible globally. The company maintains its headquarters within the United States of America, serving as its central operational base for managing the marketplace and user interactions. The core service revolves around providing a venue for users to engage with collectibles, building collections and participating in transactions.

The scale of Quidd's user base is evidenced by a significant cybersecurity incident disclosed in late 2019. An unauthorized breach compromised account details belonging to approximately four million registered users of the platform. This incident highlights the substantial reach of the marketplace, indicating a large community of active collectors utilizing its services. The compromised information included usernames, email addresses, and passwords secured using the bcrypt hashing algorithm. The breach demonstrated the platform's attractiveness as a target due to its user volume and the potential value of the data involved.

A distinguishing attribute relevant to Quidd's operational history pertains to its handling of a major security breach. Following the compromise of millions of user accounts in December 2019, attributed to a threat actor known as ProTag, the stolen data was privately traded among hacking groups before appearing on public forums. The robust bcrypt hashing applied to passwords significantly increased the difficulty of decrypting them, a security measure that likely contributed to the data's eventual public exposure as its resale value diminished for attackers. Notably, public reporting indicated that Quidd had not formally acknowledged the breach or communicated details about the incident to its users or the broader public at the time the compromised data surfaced online. This lack of public acknowledgment represents a specific aspect of the company's incident response posture during that event.