In response to this breach, the auction site disabled all bidder passwords and is forcing a reset. LiveAuctioneers users should make their new password more complex through the use of uppercase and lowercase letters, numbers and special characters. The new password should also be unique to the login and not shared with any other accounts. Any attacker who purchases this data will most likely use it with automated password-checking software that can attempt to log in to social media, email and online banking or tax preparation websites using the passwords from this data breach or similar passwords. For any of the breached records that used a work email address, attackers might also try to log on to the company’s Office 365, VPN, or other online resources used by the company on the same domain name. Affected people should also be on the lookout for targeted phishing campaigns as this information is a treasure trove for online criminals. Companies should monitor data breaches to detect any use of their employees’ email addresses and reset leaked passwords if the same password is used to access company resources. Experience has shown that many employees use the same or very similar passwords across many websites.

Source Article: https://www.bleepingcomputer.com/news/security/liveauctioneers-reports-data-breach-after-user-records-sold-online/?&web_view=true