Mirus Gallery
Art Gallery
New Member
Posts • 193
Likes • 284
March 2014
|
Need Advice - Victim of Fraud Via Arsty, by Mirus Gallery on Feb 13, 2019 18:12:23 GMT 1, www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/Artsy 1,070,000 accounts for 0.0289 BTC ($104) total 184MB of data taken April 2018. Each account record contains an email address, name, IP addresses, location, and SHA512-hashed password with salt. This alleged security breach has not been previously publicly disclosed. Artsy, located in NYC, is an online home for collecting and organizing art. A spokesperson did not respond to a request for comment. Artsy is silent, as they are here it seems. But yes, I do agree that it looks like the gallery was hacked via Artsy. Somewhere a long the line it seems like the communication went external to artsy, hence when a artsy .net e-mail was used. As said earlier, there are a lot of missing pieces, bad situation all around. Seems rather recent and if true I am sure artsy will notify effected parties. Not sure how many active users they have on their platform and what percentage this effected. Regardless any breach is alarming. I still don't see this as confirmation this was a reason and how this transaction happened. If this transaction took place over email and an email was compromised then that is different than artsy being hacked and the buyer being duped through the internal artsy message system. The buyer has stated they were replying to an artsy email address and not on the secure platform of artsy when doing this transaction.
www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/Artsy 1,070,000 accounts for 0.0289 BTC ($104) total 184MB of data taken April 2018. Each account record contains an email address, name, IP addresses, location, and SHA512-hashed password with salt. This alleged security breach has not been previously publicly disclosed. Artsy, located in NYC, is an online home for collecting and organizing art. A spokesperson did not respond to a request for comment. Artsy is silent, as they are here it seems. But yes, I do agree that it looks like the gallery was hacked via Artsy. Somewhere a long the line it seems like the communication went external to artsy, hence when a artsy .net e-mail was used. As said earlier, there are a lot of missing pieces, bad situation all around. Seems rather recent and if true I am sure artsy will notify effected parties. Not sure how many active users they have on their platform and what percentage this effected. Regardless any breach is alarming. I still don't see this as confirmation this was a reason and how this transaction happened. If this transaction took place over email and an email was compromised then that is different than artsy being hacked and the buyer being duped through the internal artsy message system. The buyer has stated they were replying to an artsy email address and not on the secure platform of artsy when doing this transaction.
|
|
coller
Junior Member
Posts • 2,380
Likes • 2,371
April 2015
|
Need Advice - Victim of Fraud Via Arsty, by coller on Feb 13, 2019 18:22:19 GMT 1, I understand this is an emotional time for the buyer/victim. That said, there are a few things that really need to be understood before any real progress can be made here:
[This is not formal legal advice] From a legal standpoint, Artsy is not liable. From a legal standpoint, the gallery is not liable. From a legal standpoint, the buyer is a victim of a crime. From a legal standpoint, the only person liable to the buyer is the hacker/person who received the wired funds.
Once the above is fully understood, this entire process will become more efficient. You will never recover the money from Artsy. You will never recover the money from the gallery (unless the gallery itself was the scammer). This is will not become a PR nightmare for Artsy because Artsy did not do anything wrong here, aside from being hacked by a third-party. Artsy and the gallery are also victims.
I know this situation sucks, but going after parties who will never be found liable under these facts - and who are essentially victims to the same crime, albeit in lesser degrees - is a waste of time and energy.
EDIT: should also give this a look, which explicitly absolves Artsy of any/all liability under these facts (see paragraphs 15-21): www.artsy.net/conditions-of-sale
I understand this is an emotional time for the buyer/victim. That said, there are a few things that really need to be understood before any real progress can be made here: [This is not formal legal advice] From a legal standpoint, Artsy is not liable. From a legal standpoint, the gallery is not liable. From a legal standpoint, the buyer is a victim of a crime. From a legal standpoint, the only person liable to the buyer is the hacker/person who received the wired funds. Once the above is fully understood, this entire process will become more efficient. You will never recover the money from Artsy. You will never recover the money from the gallery (unless the gallery itself was the scammer). This is will not become a PR nightmare for Artsy because Artsy did not do anything wrong here, aside from being hacked by a third-party. Artsy and the gallery are also victims. I know this situation sucks, but going after parties who will never be found liable under these facts - and who are essentially victims to the same crime, albeit in lesser degrees - is a waste of time and energy. EDIT: should also give this a look, which explicitly absolves Artsy of any/all liability under these facts (see paragraphs 15-21): www.artsy.net/conditions-of-sale
|
|
Mirus Gallery
Art Gallery
New Member
Posts • 193
Likes • 284
March 2014
|
Need Advice - Victim of Fraud Via Arsty, by Mirus Gallery on Feb 13, 2019 18:29:45 GMT 1, Lets just clear up things before we attack any party, based on the original post in here this transaction took place not on Artsy but through an email from someone with a artsy email address. Because the buyer inquired through artsy they assumed this email was legit. But being that the buyer didn't seem to log back into their artsy account and reply, instead they emailed this person back through email and started the conversation through email and paid through a wire. All this from what I gather took place outside of Artsy. If this is true the buyer could easily log in their artsy account and see the exact conversation on artsy messaging platform. If they stayed inside the platform maybe they could have seen that this address was fake. But this is guessing because the buyer hasn't given much information on how this happened.
If Artsy was compromised and the artsy email address was authentic the whole conversation would be saved on the artsy messaging system. When you log in to your Artsy account is the whole conversation there? Or is it blank except your initial inquiry into the piece. This makes a big difference in my opinion and possibly the reason why Artsy hasn't replied. If this transaction in no way was logged on their messaging platform and it was all done over email I am not sure what their exposure would be. If the gallery email was compromised and the person got this lead from email then as I stated whichever email service provider and the gallery would be more at fault for being hacked. I would have everyone wait for more facts or a clearer explanation before being a mob and attacking Artsy.
If it is Artsy fault as a customer it is a concern for me and I would take steps to insure this doesn't happen to myself or my customers. I deal with multiple inquiries every day and this is a real concern if Artsy was compromised. Yet I don't see any proof or an explanation in this case that happened. Can we get some Clarity on this.
Lets just clear up things before we attack any party, based on the original post in here this transaction took place not on Artsy but through an email from someone with a artsy email address. Because the buyer inquired through artsy they assumed this email was legit. But being that the buyer didn't seem to log back into their artsy account and reply, instead they emailed this person back through email and started the conversation through email and paid through a wire. All this from what I gather took place outside of Artsy. If this is true the buyer could easily log in their artsy account and see the exact conversation on artsy messaging platform. If they stayed inside the platform maybe they could have seen that this address was fake. But this is guessing because the buyer hasn't given much information on how this happened.
If Artsy was compromised and the artsy email address was authentic the whole conversation would be saved on the artsy messaging system. When you log in to your Artsy account is the whole conversation there? Or is it blank except your initial inquiry into the piece. This makes a big difference in my opinion and possibly the reason why Artsy hasn't replied. If this transaction in no way was logged on their messaging platform and it was all done over email I am not sure what their exposure would be. If the gallery email was compromised and the person got this lead from email then as I stated whichever email service provider and the gallery would be more at fault for being hacked. I would have everyone wait for more facts or a clearer explanation before being a mob and attacking Artsy.
If it is Artsy fault as a customer it is a concern for me and I would take steps to insure this doesn't happen to myself or my customers. I deal with multiple inquiries every day and this is a real concern if Artsy was compromised. Yet I don't see any proof or an explanation in this case that happened. Can we get some Clarity on this.
|
|
unkle77
New Member
Posts • 356
Likes • 371
October 2008
|
Need Advice - Victim of Fraud Via Arsty, by unkle77 on Feb 13, 2019 18:39:29 GMT 1, like OP admitted, the only weird thing that occurred was the fact that they requested payment through wire. which, yes, should have been taken a ton more seriously.
like OP admitted, the only weird thing that occurred was the fact that they requested payment through wire. which, yes, should have been taken a ton more seriously.
|
|
Deleted
Posts • 0
Likes •
January 1970
|
Need Advice - Victim of Fraud Via Arsty, by Deleted on Feb 13, 2019 18:58:29 GMT 1, like OP admitted, the only weird thing that occurred was the fact that they requested payment through wire. which, yes, should have been taken a ton more seriously. ...and it seems that the e-mail asked the payment to be sent to a third party account, i.e. not an Artsy account or any gallery account. Oldest trick in the book.
The buyer/victim has not given a huge amount of info and only she knows exactly what has happened but I, for one, will not be spreading hate mail about Artsy to all and sundry.
like OP admitted, the only weird thing that occurred was the fact that they requested payment through wire. which, yes, should have been taken a ton more seriously. ...and it seems that the e-mail asked the payment to be sent to a third party account, i.e. not an Artsy account or any gallery account. Oldest trick in the book. The buyer/victim has not given a huge amount of info and only she knows exactly what has happened but I, for one, will not be spreading hate mail about Artsy to all and sundry.
|
|
Billy Sport
Junior Member
Posts • 1,252
Likes • 79
February 2008
|
Need Advice - Victim of Fraud Via Arsty, by Billy Sport on Feb 13, 2019 19:03:33 GMT 1, like OP admitted, the only weird thing that occurred was the fact that they requested payment through wire. which, yes, should have been taken a ton more seriously. a lot of galleries only accept payment by wire, this is not so unusual. is this to mitigate against chargebacks?
like OP admitted, the only weird thing that occurred was the fact that they requested payment through wire. which, yes, should have been taken a ton more seriously. a lot of galleries only accept payment by wire, this is not so unusual. is this to mitigate against chargebacks?
|
|
|
Mirus Gallery
Art Gallery
New Member
Posts • 193
Likes • 284
March 2014
|
Need Advice - Victim of Fraud Via Arsty, by Mirus Gallery on Feb 13, 2019 19:07:45 GMT 1, like OP admitted, the only weird thing that occurred was the fact that they requested payment through wire. which, yes, should have been taken a ton more seriously. a lot of galleries only accept payment by wire, this is not so unusual. is this to mitigate against chargebacks? Wire is less expensive on larger priced work versus credit card fees of 2-3% especially on big ticket purchases.
like OP admitted, the only weird thing that occurred was the fact that they requested payment through wire. which, yes, should have been taken a ton more seriously. a lot of galleries only accept payment by wire, this is not so unusual. is this to mitigate against chargebacks? Wire is less expensive on larger priced work versus credit card fees of 2-3% especially on big ticket purchases.
|
|
Bill Hicks
New Member
Posts • 930
Likes • 1,129
May 2008
|
Need Advice - Victim of Fraud Via Arsty, by Bill Hicks on Feb 13, 2019 19:22:19 GMT 1, Victim blame doesn't solve the crime and adds nothing to to the suffering the buyer is going through. However you want to look at this the Artsy site has been compromised and used to commit a crime and if they want to protect their brand they need to do something about it to protect their customers, both buyers and sellers. It's all very well having a knee-jerk reaction and saying "don't blame the victim" but in something like 90% of cases it is the victim's fault. May we kindly ask are you referring to any victims?
Victim blame doesn't solve the crime and adds nothing to to the suffering the buyer is going through. However you want to look at this the Artsy site has been compromised and used to commit a crime and if they want to protect their brand they need to do something about it to protect their customers, both buyers and sellers. It's all very well having a knee-jerk reaction and saying "don't blame the victim" but in something like 90% of cases it is the victim's fault. May we kindly ask are you referring to any victims?
|
|
|
Need Advice - Victim of Fraud Via Arsty, by sptembergurl on Feb 13, 2019 19:38:42 GMT 1, like OP admitted, the only weird thing that occurred was the fact that they requested payment through wire. which, yes, should have been taken a ton more seriously. ...and it seems that the e-mail asked the payment to be sent to a third party account, i.e. not an Artsy account or any gallery account. Oldest trick in the book. The buyer/victim has not given a huge amount of info and only she knows exactly what has happened but I, for one, will not be spreading hate mail about Artsy to all and sundry.
What clarifications are you looking for? I would be happy to answer your questions to the best of my knowledge as long as they don’t compromise the police case.
like OP admitted, the only weird thing that occurred was the fact that they requested payment through wire. which, yes, should have been taken a ton more seriously. ...and it seems that the e-mail asked the payment to be sent to a third party account, i.e. not an Artsy account or any gallery account. Oldest trick in the book. The buyer/victim has not given a huge amount of info and only she knows exactly what has happened but I, for one, will not be spreading hate mail about Artsy to all and sundry. What clarifications are you looking for? I would be happy to answer your questions to the best of my knowledge as long as they don’t compromise the police case.
|
|
Mirus Gallery
Art Gallery
New Member
Posts • 193
Likes • 284
March 2014
|
Need Advice - Victim of Fraud Via Arsty, by Mirus Gallery on Feb 13, 2019 19:57:16 GMT 1, ...and it seems that the e-mail asked the payment to be sent to a third party account, i.e. not an Artsy account or any gallery account. Oldest trick in the book. The buyer/victim has not given a huge amount of info and only she knows exactly what has happened but I, for one, will not be spreading hate mail about Artsy to all and sundry. What clarifications are you looking for? I would be happy to answer your questions to the best of my knowledge as long as they don’t compromise the police case. I have a question. When you login your artsy account that you made the inquiry is all the messages between you and the gallery there? Or is it not recorded in the Artsy messaging platform. All email conversations from a legit artsy email are automatically recorded in your artsy messaging system. This would clarify to me if artsy was hacked or just your email.
...and it seems that the e-mail asked the payment to be sent to a third party account, i.e. not an Artsy account or any gallery account. Oldest trick in the book. The buyer/victim has not given a huge amount of info and only she knows exactly what has happened but I, for one, will not be spreading hate mail about Artsy to all and sundry. What clarifications are you looking for? I would be happy to answer your questions to the best of my knowledge as long as they don’t compromise the police case. I have a question. When you login your artsy account that you made the inquiry is all the messages between you and the gallery there? Or is it not recorded in the Artsy messaging platform. All email conversations from a legit artsy email are automatically recorded in your artsy messaging system. This would clarify to me if artsy was hacked or just your email.
|
|
Deleted
Posts • 0
Likes •
January 1970
|
Need Advice - Victim of Fraud Via Arsty, by Deleted on Feb 13, 2019 20:23:51 GMT 1, ...and it seems that the e-mail asked the payment to be sent to a third party account, i.e. not an Artsy account or any gallery account. Oldest trick in the book. The buyer/victim has not given a huge amount of info and only she knows exactly what has happened but I, for one, will not be spreading hate mail about Artsy to all and sundry. What clarifications are you looking for? I would be happy to answer your questions to the best of my knowledge as long as they don’t compromise the police case. When you received these e-mails what e-mail address comes up when you hit "reply to sender"? Is it artsy .net or something else? Depending on what e-mail server you use, it will probably have someone's name followed by the actual e-mail address between < and > Just because an e-mail may say From: john@artsy.net doesn't mean it has actually come from artsy.net (see pic below as an example) Did you click on any links in the e-mails? A link saying www.artsy.net will not necessarily take you to Artsy.
...and it seems that the e-mail asked the payment to be sent to a third party account, i.e. not an Artsy account or any gallery account. Oldest trick in the book. The buyer/victim has not given a huge amount of info and only she knows exactly what has happened but I, for one, will not be spreading hate mail about Artsy to all and sundry. What clarifications are you looking for? I would be happy to answer your questions to the best of my knowledge as long as they don’t compromise the police case. When you received these e-mails what e-mail address comes up when you hit "reply to sender"? Is it artsy .net or something else? Depending on what e-mail server you use, it will probably have someone's name followed by the actual e-mail address between < and > Just because an e-mail may say From: john@artsy.net doesn't mean it has actually come from artsy.net (see pic below as an example) Did you click on any links in the e-mails? A link saying www.artsy.net will not necessarily take you to Artsy.
|
|
Morfx
Junior Member
Posts • 2,687
Likes • 2,797
May 2013
|
Need Advice - Victim of Fraud Via Arsty, by Morfx on Feb 13, 2019 20:30:18 GMT 1, It's all very well having a knee-jerk reaction and saying "don't blame the victim" but in something like 90% of cases it is the victim's fault. People do silly things. In this particular instance, I'm not sure. Both parties seem to be at fault, in my opinion. Sometimes people also do silly things like making up statistics.
Statistically, 124% of statistics are wrong..
It's all very well having a knee-jerk reaction and saying "don't blame the victim" but in something like 90% of cases it is the victim's fault. People do silly things. In this particular instance, I'm not sure. Both parties seem to be at fault, in my opinion. Sometimes people also do silly things like making up statistics. Statistically, 124% of statistics are wrong..
|
|
k2
New Member
Posts • 528
Likes • 971
November 2016
|
Need Advice - Victim of Fraud Via Arsty, by k2 on Feb 13, 2019 20:50:03 GMT 1, I understand this is an emotional time for the buyer/victim. That said, there are a few things that really need to be understood before any real progress can be made here: [This is not formal legal advice] From a legal standpoint, Artsy is not liable. From a legal standpoint, the gallery is not liable. From a legal standpoint, the buyer is a victim of a crime. From a legal standpoint, the only person liable to the buyer is the hacker/person who received the wired funds. Once the above is fully understood, this entire process will become more efficient. You will never recover the money from Artsy. You will never recover the money from the gallery (unless the gallery itself was the scammer). This is will not become a PR nightmare for Artsy because Artsy did not do anything wrong here, aside from being hacked by a third-party. Artsy and the gallery are also victims. I know this situation sucks, but going after parties who will never be found liable under these facts - and who are essentially victims to the same crime, albeit in lesser degrees - is a waste of time and energy. EDIT: should also give this a look, which explicitly absolves Artsy of any/all liability under these facts (see paragraphs 15-21): www.artsy.net/conditions-of-saleWhat you say is true. However, if an organisation the size of artsy fails to rectify a known hacking problem, then I don't care if its legally liable or not, I will avoid, and advise others to do so too. They have not cared for their clients.
Something else that put me off Artsy...
I added details of a piece that I was interested in consigning for sale. I was contacted by a couple of galleries and an auction house offering to sell the piece on my behalf. We had some ongoing discussion and in the end I decided not to pursue any of the offers and instead sold the piece privately. All was good at this point.
However I was then contacted (multiple times) by a member of staff at Artsy who had clearly read both sides of my conversations, wanting to know why I had chosen not to proceed, quoting various details from the emails that I’d assumed were private.
I’m sure this is probably mentioned in their legal terms and so they’re entitled to do it, but it felt very very wrong that conversations I’d assumed were private were clearly being read at their end. It put me off the platform entirely and I’ve since uninstalled the app.
I understand this is an emotional time for the buyer/victim. That said, there are a few things that really need to be understood before any real progress can be made here: [This is not formal legal advice] From a legal standpoint, Artsy is not liable. From a legal standpoint, the gallery is not liable. From a legal standpoint, the buyer is a victim of a crime. From a legal standpoint, the only person liable to the buyer is the hacker/person who received the wired funds. Once the above is fully understood, this entire process will become more efficient. You will never recover the money from Artsy. You will never recover the money from the gallery (unless the gallery itself was the scammer). This is will not become a PR nightmare for Artsy because Artsy did not do anything wrong here, aside from being hacked by a third-party. Artsy and the gallery are also victims. I know this situation sucks, but going after parties who will never be found liable under these facts - and who are essentially victims to the same crime, albeit in lesser degrees - is a waste of time and energy. EDIT: should also give this a look, which explicitly absolves Artsy of any/all liability under these facts (see paragraphs 15-21): www.artsy.net/conditions-of-saleWhat you say is true. However, if an organisation the size of artsy fails to rectify a known hacking problem, then I don't care if its legally liable or not, I will avoid, and advise others to do so too. They have not cared for their clients. Something else that put me off Artsy... I added details of a piece that I was interested in consigning for sale. I was contacted by a couple of galleries and an auction house offering to sell the piece on my behalf. We had some ongoing discussion and in the end I decided not to pursue any of the offers and instead sold the piece privately. All was good at this point. However I was then contacted (multiple times) by a member of staff at Artsy who had clearly read both sides of my conversations, wanting to know why I had chosen not to proceed, quoting various details from the emails that I’d assumed were private. I’m sure this is probably mentioned in their legal terms and so they’re entitled to do it, but it felt very very wrong that conversations I’d assumed were private were clearly being read at their end. It put me off the platform entirely and I’ve since uninstalled the app.
|
|
coller
Junior Member
Posts • 2,380
Likes • 2,371
April 2015
|
Need Advice - Victim of Fraud Via Arsty, by coller on Feb 13, 2019 21:35:37 GMT 1, this thread's ability to reconcile its "no victim blaming" stance with its "blame artsy for being hacked" stance is impressive
this thread's ability to reconcile its "no victim blaming" stance with its "blame artsy for being hacked" stance is impressive
|
|
|
Art!
New Member
Posts • 420
Likes • 299
October 2016
|
Need Advice - Victim of Fraud Via Arsty, by Art! on Feb 13, 2019 21:58:36 GMT 1, What clarifications are you looking for? I would be happy to answer your questions to the best of my knowledge as long as they don’t compromise the police case. I have a question. When you login your artsy account that you made the inquiry is all the messages between you and the gallery there? Or is it not recorded in the Artsy messaging platform. All email conversations from a legit artsy email are automatically recorded in your artsy messaging system. This would clarify to me if artsy was hacked or just your email. I don't see anywhere on Artsy where messages are stored between galleries and I. It's all been between email addresses.
Most of the emails from Artsy are from "inquiries@artsy.net" but I have gotten some from specific emails.
What clarifications are you looking for? I would be happy to answer your questions to the best of my knowledge as long as they don’t compromise the police case. I have a question. When you login your artsy account that you made the inquiry is all the messages between you and the gallery there? Or is it not recorded in the Artsy messaging platform. All email conversations from a legit artsy email are automatically recorded in your artsy messaging system. This would clarify to me if artsy was hacked or just your email. I don't see anywhere on Artsy where messages are stored between galleries and I. It's all been between email addresses. Most of the emails from Artsy are from "inquiries@artsy.net" but I have gotten some from specific emails.
|
|
Mirus Gallery
Art Gallery
New Member
Posts • 193
Likes • 284
March 2014
|
Need Advice - Victim of Fraud Via Arsty, by Mirus Gallery on Feb 13, 2019 22:35:23 GMT 1, I have a question. When you login your artsy account that you made the inquiry is all the messages between you and the gallery there? Or is it not recorded in the Artsy messaging platform. All email conversations from a legit artsy email are automatically recorded in your artsy messaging system. This would clarify to me if artsy was hacked or just your email. I don't see anywhere on Artsy where messages are stored between galleries and I. It's all been between email addresses. Most of the emails from Artsy are from "inquiries@artsy.net" but I have gotten some from specific emails. I don't see the buyers side of things, but from the gallery side all email is stored in Artsy under a conversations part. So I can go back and see the replies. I can also login into artsy and reply through this messaging platform called conversations. If I am replying through email from an artsy inquiry it saves it in the messaging online platform that I can log in. I assumed buyers had the same conversations tab we do.
chemical formula of aluminium sulphate
I have a question. When you login your artsy account that you made the inquiry is all the messages between you and the gallery there? Or is it not recorded in the Artsy messaging platform. All email conversations from a legit artsy email are automatically recorded in your artsy messaging system. This would clarify to me if artsy was hacked or just your email. I don't see anywhere on Artsy where messages are stored between galleries and I. It's all been between email addresses. Most of the emails from Artsy are from "inquiries@artsy.net" but I have gotten some from specific emails. I don't see the buyers side of things, but from the gallery side all email is stored in Artsy under a conversations part. So I can go back and see the replies. I can also login into artsy and reply through this messaging platform called conversations. If I am replying through email from an artsy inquiry it saves it in the messaging online platform that I can log in. I assumed buyers had the same conversations tab we do. chemical formula of aluminium sulphate
|
|
tab1
Full Member
Posts • 8,519
Likes • 3,678
September 2011
|
Need Advice - Victim of Fraud Via Arsty, by tab1 on Feb 13, 2019 23:47:51 GMT 1, its normal on auction platforms to snoop ; ebay regularly snoops on private emails
any phone Numbers or emails or discussing sales outside of the platform a warning is given What you say is true. However, if an organisation the size of artsy fails to rectify a known hacking problem, then I don't care if its legally liable or not, I will avoid, and advise others to do so too. They have not cared for their clients. Something else that put me off Artsy... I added details of a piece that I was interested in consigning for sale. I was contacted by a couple of galleries and an auction house offering to sell the piece on my behalf. We had some ongoing discussion and in the end I decided not to pursue any of the offers and instead sold the piece privately. All was good at this point. However I was then contacted (multiple times) by a member of staff at Artsy who had clearly read both sides of my conversations, wanting to know why I had chosen not to proceed, quoting various details from the emails that I’d assumed were private. I’m sure this is probably mentioned in their legal terms and so they’re entitled to do it, but it felt very very wrong that conversations I’d assumed were private were clearly being read at their end. It put me off the platform entirely and I’ve since uninstalled the app.
its normal on auction platforms to snoop ; ebay regularly snoops on private emails
any phone Numbers or emails or discussing sales outside of the platform a warning is given What you say is true. However, if an organisation the size of artsy fails to rectify a known hacking problem, then I don't care if its legally liable or not, I will avoid, and advise others to do so too. They have not cared for their clients. Something else that put me off Artsy... I added details of a piece that I was interested in consigning for sale. I was contacted by a couple of galleries and an auction house offering to sell the piece on my behalf. We had some ongoing discussion and in the end I decided not to pursue any of the offers and instead sold the piece privately. All was good at this point. However I was then contacted (multiple times) by a member of staff at Artsy who had clearly read both sides of my conversations, wanting to know why I had chosen not to proceed, quoting various details from the emails that I’d assumed were private. I’m sure this is probably mentioned in their legal terms and so they’re entitled to do it, but it felt very very wrong that conversations I’d assumed were private were clearly being read at their end. It put me off the platform entirely and I’ve since uninstalled the app.
|
|
JW
New Member
Posts • 897
Likes • 1,319
February 2011
|
Need Advice - Victim of Fraud Via Arsty, by JW on Feb 14, 2019 0:27:46 GMT 1, Admittedly I haven't read all of this thread, but I just received an email from Atsy about a "data security incident".
Admittedly I haven't read all of this thread, but I just received an email from Atsy about a "data security incident".
|
|
jluhiex
New Member
Posts • 402
Likes • 223
December 2016
|
Need Advice - Victim of Fraud Via Arsty, by jluhiex on Feb 14, 2019 0:28:31 GMT 1, Dear Artsy Users,
We are writing to inform you about a data security incident that may have impacted your Artsy account data. We have no evidence that commercial or financial information was involved, and to date we have not received reports from Artsy users of actual or attempted fraud as a result of this incident. However, as your data security is of paramount importance to us, we wanted to bring this to your attention immediately, and let you know that we are investigating this fully and taking steps to prevent this type of incident from happening in the future.
What Happened:
On February 11, 2019, we became aware that account information for some of our users was made available on the internet. We are still investigating the precise causes of the incident, and together with our engineering team, we are working with a leading cyber forensics firm to assist us.
Although the investigation is still ongoing, we are taking steps to contain this incident and to prevent this type of incident from happening in the future.
What Information Was Involved:
While the investigation is ongoing, we believe that the compromised information includes some users’ first and last names, emails, IP addresses, and password hashes. Please note that Artsy does not store passwords, but only a password hash, which is a type of password protection and is considered industry best practice. And to reiterate, we have no evidence that commercial or financial information was involved, and to date we have not received reports from Artsy users of actual or attempted fraud as a result of this incident.
What We Are Doing:
We are continuing to work both with our internal technical teams and industry experts, including a leading computer forensics firm to gain a comprehensive understanding of what happened. We are also assessing existing security measures to protect the integrity of our systems and will continue to work to enhance these protections and safeguards. Our existing security measures include: industry-standard encryption and security protocols for product communication; regular audit of systems for known vulnerabilities; and delegation of the management of sensitive payment information exclusively to best-in-class and externally audited providers.
What Can You Do:
While your actual password is not compromised (only a password hash), out of an over-abundance of caution, we recommend changing your Artsy password today. We also recommend following best practices of regularly changing your Artsy password, and not using simple easy-to-guess passwords. Furthermore you should be using unique passwords for each website, but if you use the same or similar passwords on other online services, we recommend you change those as well.
To Conclude:
As the world’s leading online art market platform, the trust of our users and art world partners is critically important to us. We recognize that data security and the protection of your information is of paramount importance to maintain that trust. In addition to addressing this particular incident, we are committed to continuing to improve by putting in place more and better measures that keep your data secure and private.
For More Information: If you have any questions or concerns, please reach out to us at support@artsy.net.
Best, Daniel Doubrovkine Chief Technology Officer, Artsy
Dear Artsy Users,
We are writing to inform you about a data security incident that may have impacted your Artsy account data. We have no evidence that commercial or financial information was involved, and to date we have not received reports from Artsy users of actual or attempted fraud as a result of this incident. However, as your data security is of paramount importance to us, we wanted to bring this to your attention immediately, and let you know that we are investigating this fully and taking steps to prevent this type of incident from happening in the future.
What Happened:
On February 11, 2019, we became aware that account information for some of our users was made available on the internet. We are still investigating the precise causes of the incident, and together with our engineering team, we are working with a leading cyber forensics firm to assist us.
Although the investigation is still ongoing, we are taking steps to contain this incident and to prevent this type of incident from happening in the future.
What Information Was Involved:
While the investigation is ongoing, we believe that the compromised information includes some users’ first and last names, emails, IP addresses, and password hashes. Please note that Artsy does not store passwords, but only a password hash, which is a type of password protection and is considered industry best practice. And to reiterate, we have no evidence that commercial or financial information was involved, and to date we have not received reports from Artsy users of actual or attempted fraud as a result of this incident.
What We Are Doing:
We are continuing to work both with our internal technical teams and industry experts, including a leading computer forensics firm to gain a comprehensive understanding of what happened. We are also assessing existing security measures to protect the integrity of our systems and will continue to work to enhance these protections and safeguards. Our existing security measures include: industry-standard encryption and security protocols for product communication; regular audit of systems for known vulnerabilities; and delegation of the management of sensitive payment information exclusively to best-in-class and externally audited providers.
What Can You Do:
While your actual password is not compromised (only a password hash), out of an over-abundance of caution, we recommend changing your Artsy password today. We also recommend following best practices of regularly changing your Artsy password, and not using simple easy-to-guess passwords. Furthermore you should be using unique passwords for each website, but if you use the same or similar passwords on other online services, we recommend you change those as well.
To Conclude:
As the world’s leading online art market platform, the trust of our users and art world partners is critically important to us. We recognize that data security and the protection of your information is of paramount importance to maintain that trust. In addition to addressing this particular incident, we are committed to continuing to improve by putting in place more and better measures that keep your data secure and private.
For More Information: If you have any questions or concerns, please reach out to us at support@artsy.net.
Best, Daniel Doubrovkine Chief Technology Officer, Artsy
|
|
Billy Sport
Junior Member
Posts • 1,252
Likes • 79
February 2008
|
Need Advice - Victim of Fraud Via Arsty, by Billy Sport on Feb 14, 2019 0:29:14 GMT 1, news just in...
Dear Artsy Users,
We are writing to inform you about a data security incident that may have impacted your Artsy account data. We have no evidence that commercial or financial information was involved, and to date we have not received reports from Artsy users of actual or attempted fraud as a result of this incident. However, as your data security is of paramount importance to us, we wanted to bring this to your attention immediately, and let you know that we are investigating this fully and taking steps to prevent this type of incident from happening in the future.
and goes on...
news just in...
Dear Artsy Users,
We are writing to inform you about a data security incident that may have impacted your Artsy account data. We have no evidence that commercial or financial information was involved, and to date we have not received reports from Artsy users of actual or attempted fraud as a result of this incident. However, as your data security is of paramount importance to us, we wanted to bring this to your attention immediately, and let you know that we are investigating this fully and taking steps to prevent this type of incident from happening in the future.
and goes on...
|
|
irl1
Full Member
Posts • 9,274
Likes • 9,380
December 2017
|
Need Advice - Victim of Fraud Via Arsty, by irl1 on Feb 14, 2019 0:35:08 GMT 1, Just got that in myself about time too!
Just got that in myself about time too!
|
|
robo
Junior Member
Posts • 1,578
Likes • 1,002
November 2006
|
Need Advice - Victim of Fraud Via Arsty, by robo on Feb 14, 2019 0:35:42 GMT 1, to date we have not received reports from Artsy users of actual or attempted fraud as a result of this incident.
Very odd...
to date we have not received reports from Artsy users of actual or attempted fraud as a result of this incident. Very odd...
|
|
|
|
Need Advice - Victim of Fraud Via Arsty, by sptembergurl on Feb 14, 2019 0:39:35 GMT 1, to date we have not received reports from Artsy users of actual or attempted fraud as a result of this incident. Very odd...
Ok HUGE lie! I will get back to you all with answers about the account in a little bit. My husband is traveling but I will try to log into his account to see a message trail. Obviously they are now aware that we are talking about them. But to say no one reported fraud is UNTRUE. I contacted them myself using all available emails that were public. What they stated is an outright lie. Still have yet to receive a personal response since.
to date we have not received reports from Artsy users of actual or attempted fraud as a result of this incident. Very odd... Ok HUGE lie! I will get back to you all with answers about the account in a little bit. My husband is traveling but I will try to log into his account to see a message trail. Obviously they are now aware that we are talking about them. But to say no one reported fraud is UNTRUE. I contacted them myself using all available emails that were public. What they stated is an outright lie. Still have yet to receive a personal response since.
|
|
|
Need Advice - Victim of Fraud Via Arsty, by Coach on Feb 14, 2019 0:41:02 GMT 1, What is the difference between the disclosure of a password and a password hash? What is a password hash?
What is the difference between the disclosure of a password and a password hash? What is a password hash?
|
|
irl1
Full Member
Posts • 9,274
Likes • 9,380
December 2017
|
Need Advice - Victim of Fraud Via Arsty, by irl1 on Feb 14, 2019 0:44:35 GMT 1, What is the difference between the disclosure of a password and a password hash? What is a password hash? My wife says its a file for storing passwords.
What is the difference between the disclosure of a password and a password hash? What is a password hash? My wife says its a file for storing passwords.
|
|
irl1
Full Member
Posts • 9,274
Likes • 9,380
December 2017
|
Need Advice - Victim of Fraud Via Arsty, by irl1 on Feb 14, 2019 0:47:59 GMT 1, Ok HUGE lie! I will get back to you all with answers about the account in a little bit. My husband is traveling but I will try to log into his account to see a message trail. Obviously they are now aware that we are talking about them. But to say no one reported fraud is untrue. I contacted them myself using all available emails that were public. Still have yet to receive a personal response since. I looked into my account but i can't find anywhere the messages are stored. I have sent in many over the years
Ok HUGE lie! I will get back to you all with answers about the account in a little bit. My husband is traveling but I will try to log into his account to see a message trail. Obviously they are now aware that we are talking about them. But to say no one reported fraud is untrue. I contacted them myself using all available emails that were public. Still have yet to receive a personal response since. I looked into my account but i can't find anywhere the messages are stored. I have sent in many over the years
|
|
|
Need Advice - Victim of Fraud Via Arsty, by Coach on Feb 14, 2019 0:49:33 GMT 1, What is the difference between the disclosure of a password and a password hash? What is a password hash? My wife says its a file for storing passwords.
The email says they don’t have our password, just the password hash. That’s the bit I don’t understand. Does whoever committed the breach have our passwords or not? Anyone know?
What is the difference between the disclosure of a password and a password hash? What is a password hash? My wife says its a file for storing passwords. The email says they don’t have our password, just the password hash. That’s the bit I don’t understand. Does whoever committed the breach have our passwords or not? Anyone know?
|
|
irl1
Full Member
Posts • 9,274
Likes • 9,380
December 2017
|
Need Advice - Victim of Fraud Via Arsty, by irl1 on Feb 14, 2019 0:52:06 GMT 1, My wife says its a file for storing passwords. The email says they don’t have our password, just the password hash. That’s the bit I don’t understand. Does whoever committed the breach have our passwords or not? Anyone know? Don't wait just change it. They might wait a while and then use your details.
My wife says its a file for storing passwords. The email says they don’t have our password, just the password hash. That’s the bit I don’t understand. Does whoever committed the breach have our passwords or not? Anyone know? Don't wait just change it. They might wait a while and then use your details.
|
|
irl1
Full Member
Posts • 9,274
Likes • 9,380
December 2017
|
Need Advice - Victim of Fraud Via Arsty, by irl1 on Feb 14, 2019 0:55:00 GMT 1, My wife says its a file for storing passwords. The email says they don’t have our password, just the password hash. That’s the bit I don’t understand. Does whoever committed the breach have our passwords or not? Anyone know? The hash is your password encrypted.
My wife says its a file for storing passwords. The email says they don’t have our password, just the password hash. That’s the bit I don’t understand. Does whoever committed the breach have our passwords or not? Anyone know? The hash is your password encrypted.
|
|
k2
New Member
Posts • 528
Likes • 971
November 2016
|
Need Advice - Victim of Fraud Via Arsty, by k2 on Feb 14, 2019 0:55:58 GMT 1, What is the difference between the disclosure of a password and a password hash? What is a password hash?
Disclosing your password allows someone to use your email address / username and password to access your account.
If only a hashed or encrypted version of your password is disclosed, this typically can’t be used to access your account. A hashed version of your password is a like an encrypted version of your password than can’t be converted back to your original password.
Sites that are built with at least a modicum of security will never store an unhashed / unencrypted version of your password. Instead, the hashed version is stored. When you try to login to your account, the password you enter is hashed and compared to the stored hash. If the two match, the password you entered must have been correct.
In other words, the hashed password can be used to verify that the password you entered is correct, but if you only have access to the hashed password you can’t reverse engineer it to ‘convert’ it into your unhashed password.
Problems occur when poorly written sites store unhashed versions of passwords. If these sites are hacked, the attackers can download complete lists of unhashed email/password combinations. And because people tend to reuse passwords across different services, these hacks can allow people to access your accounts on other sites, not just the site that was vulnerable.
Waffling now, but essentially never reuse passwords across sites. By doing that, if a poorly secured site is breached, attackers will gain access to at most one of your accounts rather than all of them.
What is the difference between the disclosure of a password and a password hash? What is a password hash? Disclosing your password allows someone to use your email address / username and password to access your account. If only a hashed or encrypted version of your password is disclosed, this typically can’t be used to access your account. A hashed version of your password is a like an encrypted version of your password than can’t be converted back to your original password. Sites that are built with at least a modicum of security will never store an unhashed / unencrypted version of your password. Instead, the hashed version is stored. When you try to login to your account, the password you enter is hashed and compared to the stored hash. If the two match, the password you entered must have been correct. In other words, the hashed password can be used to verify that the password you entered is correct, but if you only have access to the hashed password you can’t reverse engineer it to ‘convert’ it into your unhashed password. Problems occur when poorly written sites store unhashed versions of passwords. If these sites are hacked, the attackers can download complete lists of unhashed email/password combinations. And because people tend to reuse passwords across different services, these hacks can allow people to access your accounts on other sites, not just the site that was vulnerable. Waffling now, but essentially never reuse passwords across sites. By doing that, if a poorly secured site is breached, attackers will gain access to at most one of your accounts rather than all of them.
|
|