A million Artsy user account details exposed in large-scale hack

The online art marketplace Artsy was among 16 websites involved in a large-scale hack that resulted in around 617 million online account details (including 1 million from Artsy) reportedly offered for sale on the dark web for less than $20,000 in Bitcoin on 11 February. In a statement, Artsy’s chief technology officer Daniel Doubrovkine says there is “no evidence that commercial or financial information was involved” and Artsy has “not received reports from Artsy users of actual or attempted fraud as a result of this incident”. The compromised data consisted mainly of account holders’ names and email and IP addresses. Exposed passwords were “hashed”—“a type of password protection… considered industry best practice”, Doubrovkine says, but “out of an over-abundance of caution” the company recommends that users change their passwords. An investigation into the hack is ongoing, but Artsy is “taking steps to contain this incident and to prevent [it] from happening in the future”, Doubrovkine says.