Cybersecurity and the Arts Industry
Even the Art IndustThere are art galleries and museums throughout the nation. When the locality does not have a physical site, there is always the internet as a resource. There are services which provide an inlet into the art world for those of us not proximate to the larger museum. One of these services is Artsy, which is described as “…an online platform that offers views into the art world as well as works for sale…” (Dissent, 2019).
In February 2019, the CTO, Daniel Doubrovkine, emailed the service’s users notifying them of “…a data security incident that may have impacted your Artsy account data.” Merely reading this short portion of his sentence was a bit alarming. With all of the breaches in the retail and commercial industries, there tends to be a sensitivity when this occurs.
This affected approximately 1M Artsy users. The affected data is believed to be the user’s name, email, and IP address. While this is still an issue, on the bright side, any credit card or banking information was not included. The business had not been notified of any actual fraud or attempted fraudulent events arising from this issue. The data is presumed to be on sale in the dark web.
Artsy recommended the users change their passwords. Also if the users happened to use the same passwords for other sites, which unfortunately occurs, they users were recommended to change these also. This is not as a significant issue as the other data, as these were stored as hashes.
Unfortunately, the method or vector for the successful attack had not been published. This would have been useful to share so others could learn from the issue and not compound the same problem. The attack does however highlight the importance of a thorough defense in depth for the perimeter and hashing passwords, for this use case.
Dissent. (2019, February 14). Artsy alerts users of data-security breach; report claims hacked information for sale. Retrieved from https://www.databreaches.net/artsy-alerts-users-of-data-security-breach-report-claims-hacked-information-for-sale/
Greenberger, A. (2019, February 14). Artsy alerts users of data-security breach; report claims hacked information for sale. Retrieved from http://www.artnews.com/2019/02/14/artsy-data-stolen-security-incident/
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.