Dark Web Offers Artsy Data for Sale

2019, Breaches, February

Who: Artsy

How Many Records: 1,000,000

Date: February 14, 2019

What Happened: A data security incident impacted Artsy

How did it happen: Artsy data was among that taken from 16 sites and put up for sale on the dark web. According to the report, data related to one million accounts on Artsy has been stolen as part of an operation that compromised 620 million accounts from sites including the video-messaging service Dubsmash and the online directory website Whitepages. The information consists mainly of account holder names, email addresses, and passwords. These passwords are hashed, or one-way encrypted, and must therefore be cracked before they can be used. There are a few other bits of information, depending on the site, such as location, personal details, and social media authentication tokens. However, it appears that no payment or bank card details were in the sales listings.

Outcome: We have no evidence that commercial or financial information was involved, and to date we have not received reports from Artsy users of actual or attempted fraud as a result of this incident. However, in the interest of “an over-abundance of caution,​ we advised users to change their passwords on Artsy as well as other sites that might share similar passwords. We only store password hashes (a type of encryption used for protection) on our site.