# HiBid hacked?  Do they have your credit card number?



## trlvn (Oct 3, 2021)

In Ontario, hibid.com is the platform behind most (all?) of the online auctions in my area...and they've been unreachable since Thursday last week.  Apparently hacked and being held for ransom.

There seems to be little public information on this situation so far.  The attack is apparently against hibid's parent company, Sandhills Global.  One auctioneer that I follow emailed a link to the following article:



> ...Numerous sources have told BleepingComputer that a Conti ransomware attack is behind these outages.
> 
> This attack reportedly took place in the early morning hours of Thursday [September 30, 2021], causing the company to shut down all of its IT systems to prevent the attack's spread. ...


https://www.bleepingcomputer.com/ne...inery-markets-shut-down-by-ransomware-attack/

According to BleepingComputer (via Twitter), Sandhills has confirmed the attack but doesn't know if customer information was compromised by the hackers.  

Hibid has my credit card number on file since that's how almost all the auctions get paid.  I'm going to be watching my credit card account closely and I may just get the card replaced.  Have any other members also purchased through them?

Craig


----------



## 6.5 Fan (Oct 3, 2021)

I've looked at a couple of hibid auctions but never registered, I have bought a lot of stuff through icollector auctions. Frickken hackers, some a**wipe always looking to get money the easy way.


----------



## Canadium (Oct 3, 2021)

I've registered with both Storey's and Bryan's auctions both of which use the HiBid platform and both of which have auctions which are offline at the moment. Very concerning! Thanks for the heads up!


----------



## Everett (Oct 3, 2021)

Interesting, there was going to be an auction at Rainbow in Stony Plain this week, but they postponed it due to "technical problems," this makes more sense. I've bought stuff through Hibid before, so thanks for the heads up to watch my card transactions.


----------



## darrin1200 (Oct 4, 2021)

Thanks. I just did a purchase through them recently. I will monitor my card.


----------



## trlvn (Oct 4, 2021)

hibid.com is still shut down, 4 days later.


----------



## gerritv (Oct 4, 2021)

VoIP providers were attacked/taken down in UK 2 months ago, this past month they hit voip.ms in Montreal and US. Then moved the attack to their upstream provider for most numbers in the US, including 911 call centres (Bandwidth.com). Now Hibid.com has its domain hijacked. And today FB, Instagram and Whatsapp.

You would seriously hope the Canadian Cyber Security group is on to this. These attacks get broader every time.


----------



## kevin.decelles (Oct 4, 2021)

I proactively cancelled my card......   I think it is bigger than they are letting on....


----------



## gerritv (Oct 4, 2021)

I think the FB stuff is due to a bad configuration update. But who knows what it really is. Ditto with HiBid, until companies are forced to report the real cause of outages affecting so many it will be guesswork at best.


----------



## Tom Kitta (Oct 4, 2021)

They are back online. If it is ransomware most likely they got their servers encrypted and asked for 100 bitcoins (main use of crypto) for the decryption key.

They either paid said 100 or paid a bit less to a "decryption service". 

Either way, they need to make sure their employees use stronger passwords and maybe two-factor authentication. 

I doubt any CC were stolen - unless they are very, very stupid at hibid - which could be the case.


----------



## gerritv (Oct 4, 2021)

Their DNS record was taken over/flushed/removed/hijacked so I doubt it was encryption. Likely we will never know.


----------



## trlvn (Oct 5, 2021)

I got two separate emails from auctioneers announcing that hibid.com was back up and announcing that their auctions were ready for bidding.  Neither acknowledged the hack or expressed a shred of concern.  So I replied to each pointing out that their service provider was hacked and asking how I could ever trust the platform again.  Also asked how much of my personal information had been exposed and particularly about my credit card number.  Both replied promptly also neither actually answered my questions.  The one suggested I call Sandhills Global directly and gave me a telephone number!*

The lack of communication from Sandhills really concerns me.  It appears they are trying to sweep the whole incident under the rug and carry on as if nothing happened.  That suggests they don't give a sh*t about their users.  I find that very troubling.

Craig

*Sandhills Global telephone systems were also down during the attack.  A news report from yesterday said they were unable to contact Sandhills for comment...possibly because their telephone systems were still down!


----------



## kevin.decelles (Oct 5, 2021)

Fully agree @trlvn.  They lost this fight before it started.  Job #1 should be communication and marketing.......  They let the media have a field day with it.  

I'll be getting a different low-limit card for auction services going forward I suppose.  Something that won't cause any disruption when replaced.


----------



## trlvn (Oct 13, 2021)

Interesting.  One of the auctioneers I've dealt with sent out an email about an auction closing tomorrow.  Near the bottom, after all the usual stuff, I was surprised to see:



> For catalogue and pictures please go to jacobauctions.hibid.com. Terms: Cash, Etransfer, or Cheque only. *No credit cards*. ...[emphasis added]



There have still been no official statements regarding the Hibid/Sandhills ransom attack but is this a reaction to the breach?

Craig


----------

