CLINK glitch

56 posts in this topic

On 8/7/2023 at 6:09 AM, MIL0S said:

will this 'glitch' affect anyone's decisions to sell or buy on ComicLink going forward? 

Yes.  I personally won’t consign there. That is way too risky. I’m sure the consignors for this past auction were not happy. 
 

I will also add, I spent two hours canceling and ordering new credit cards as a result. I wasn’t stoked to spend that time due to their lack of security. 

Edited by Xatari

Has anyone received some kind of official communication from CL about a data breach, and that it accessed personal information including credit cards? If there was a data breach, I would have expected something official, but haven't received anything. 

Or is that speculation due to a hack that resulted in the redirect of the main page?

On 8/8/2023 at 1:33 PM, Sideshow Bob said:

Has anyone received some kind of official communication from CL about a data breach, and that it accessed personal information including credit cards? If there was a data breach, I would have expected something official, but haven't received anything. 

Or is that speculation due to a hack that resulted in the redirect of the main page?

I've gotten plenty of emails about comic book auctions which I have never participated in, but no acknowledgment of being hacked or if my (way out of date) credit card info is safe.

They definitely need to put something out there.

Has anyone emailed or called?

I don't understand all the sturm und drang about a breach at CL.  Have people already forgotten that HA was the victim of a ransomware attack in 2019, or that a live comic art auction after they resumed operation froze up for a while (perhaps while payment was made in Bitcoin?).  This is the company that turns a check payment into an ACH transfer, and in this country, the banks have made it absurdly easy for someone to empty out your bank account if they have your account number (better that than the banks have to invest in the kind of checks and balances that banks in the rest of the world are required to have).

I was watching Heritage Live (2023 June 2 - 4 The Comisar Collection Platinum Signature® Auction #7318) and there was some kind of issue.  I don't remember exactly what was going on.  But it seemed like things got hung up.  I think they also explained there was an issue related to bid increments or something.  This was with in-person auctioneers.  After at least 30-45 minutes, they started up again.  They actually backed up a few lots (to whatever their top bids were) and commenced bidding again.  So at least HA acknowledged the problem and gave a reason in real time.

I remember ComicConnect more or less crashed when the first round of auctions from Nick Cardy's estate started closing.  I think it was the next day that Vincent sent out an e-mail indicating he was not happy about the situation and making sure it was being corrected.  After that, the first round went off without a hitch.  And the second round went smoothly.

Edited by Will_K

On 8/8/2023 at 1:33 PM, Sideshow Bob said:

Has anyone received some kind of official communication from CL about a data breach, and that it accessed personal information including credit cards? If there was a data breach, I would have expected something official, but haven't received anything. 

Or is that speculation due to a hack that resulted in the redirect of the main page?

I don't have a lot of faith that it was just a cosmetic hack and the back-end database wasn't compromised. So I'm getting ahead of this... I replaced both cards CLINK had and changed my password on any other sites that had the same password. (I should've known better not to do this in the first place, but I set up these accounts a long time ago when the internet was a safer place.) The rest of you should use unique, random passwords for every site. Set up MFA wherever you can.

I'm also going to take advantage of virtual credit card numbers going forward. Check with your credit card company to see if they offer this feature.

Edited by BCarter27

On 8/9/2023 at 9:08 PM, cstojano said:
Posted on their FB page.
 
Now that the issues that happened last week on the web site are resolved, I want to provide an update on what transpired and to communicate that the protocols that we now have in place have made us stronger and more resistant to attacks than the vast majority of firms. The fact of the matter is that no web site is immune to this. Many Fortune 500 companies, banks, credit reporting agencies, hospitals, and governmental agencies have experienced attacks. The only thing any of us can do is learn, adjust, and prepare.
Here’s the deal. Though we had previously been lucky enough to have avoided it when other auction companies within the collectibles field were hit with attacks, most notably in 2019 and 2020, last week, ComicLink was a target of a url XSS redirection attack which forced browsers accessing certain parts of the web site to be redirected to untrusted external sites. This was often, and fortunately, accompanied by warnings in the user’s browser or anti-malware software which cautioned against proceeding further. If you do not have up to date malware detection on your computer or mobile device, I strongly suggest it. Due to precautions that we had taken previously, sensitive customer data such as credit cards (maintained by a third party provider) or passwords (encrypted) were never compromised by this and there is no data loss.
Attacks were staggered and defended against last week and during this time I worked with my IT team day and night to determine how to best defend against recurring attacks, intentionally bringing the entire web site down while we made purposeful changes. We implemented a major security upgrade in partnership with Cloudflare, whose clients include or have included the likes of IBM, LendingTree, Shopify, Garmin and many others. Early Friday morning we brought the site back up safely behind Cloudflare’s firewall.
The web site appeared back up to some users before others. This had to do with one of two things, either name server migration propagating to some Internet Service Providers before others, or caching issues related to the disparate ways that browsers cache web sites. By late Friday morning, the web site was back up for most Internet Service Providers, and by early afternoon, we could see that name server propagation was complete in 99.9% of the world. The likelihood is that any viewing issues subsequently were related to caching or false positives related to security protocols.
In the unlikely event that you are still having trouble viewing the site, the recommendation is that you clear your cache and reload your browser and/or restart your computer or mobile device. E-mail or phone us if you cannot resolve it or if you believe you are being unintentionally blocked from accessing the web site.
Subsequent to bringing the site back up and implementing prevention procedures, some non-critical error messages were found on the web site. We have spent the last few days addressing those and they have all been corrected. That said, please let us know if you experience any errors or believe that you were blocked in error from a safe connection point.
Thank you for trusting us to be your partner in buying and selling collectibles. We will remain diligent about security going forward.

Thanks! This is the response I was looking for.

On 8/8/2023 at 12:59 PM, Xatari said:

Yes.  I personally won’t consign there. That is way too risky. I’m sure the consignors for this past auction were not happy. 
 

I will also add, I spent two hours canceling and ordering new credit cards as a result. I wasn’t stoked to spend that time due to their lack of security. 

Likewise.  I hadn't consigned with them for several years due to auction/access 'hiccups' and ever-decreasing returns in comparison to HA. 

This latest 'glitch' and the incredibly poor (lack of) communication has ensured that I will never consign with them.  

On 8/9/2023 at 9:08 PM, cstojano said:
Posted on their FB page.
 
Now that the issues that happened last week on the web site are resolved, I want to provide an update on what transpired and to communicate that the protocols that we now have in place have made us stronger and more resistant to attacks than the vast majority of firms. The fact of the matter is that no web site is immune to this. Many Fortune 500 companies, banks, credit reporting agencies, hospitals, and governmental agencies have experienced attacks. The only thing any of us can do is learn, adjust, and prepare.
Here’s the deal. Though we had previously been lucky enough to have avoided it when other auction companies within the collectibles field were hit with attacks, most notably in 2019 and 2020, last week, ComicLink was a target of a url XSS redirection attack which forced browsers accessing certain parts of the web site to be redirected to untrusted external sites. This was often, and fortunately, accompanied by warnings in the user’s browser or anti-malware software which cautioned against proceeding further. If you do not have up to date malware detection on your computer or mobile device, I strongly suggest it. Due to precautions that we had taken previously, sensitive customer data such as credit cards (maintained by a third party provider) or passwords (encrypted) were never compromised by this and there is no data loss.
Attacks were staggered and defended against last week and during this time I worked with my IT team day and night to determine how to best defend against recurring attacks, intentionally bringing the entire web site down while we made purposeful changes. We implemented a major security upgrade in partnership with Cloudflare, whose clients include or have included the likes of IBM, LendingTree, Shopify, Garmin and many others. Early Friday morning we brought the site back up safely behind Cloudflare’s firewall.
The web site appeared back up to some users before others. This had to do with one of two things, either name server migration propagating to some Internet Service Providers before others, or caching issues related to the disparate ways that browsers cache web sites. By late Friday morning, the web site was back up for most Internet Service Providers, and by early afternoon, we could see that name server propagation was complete in 99.9% of the world. The likelihood is that any viewing issues subsequently were related to caching or false positives related to security protocols.
In the unlikely event that you are still having trouble viewing the site, the recommendation is that you clear your cache and reload your browser and/or restart your computer or mobile device. E-mail or phone us if you cannot resolve it or if you believe you are being unintentionally blocked from accessing the web site.
Subsequent to bringing the site back up and implementing prevention procedures, some non-critical error messages were found on the web site. We have spent the last few days addressing those and they have all been corrected. That said, please let us know if you experience any errors or believe that you were blocked in error from a safe connection point.
Thank you for trusting us to be your partner in buying and selling collectibles. We will remain diligent about security going forward.

:roflmao::roflmao::roflmao:

If you believe that, then I have a nice bridge for sale in Brooklyn!

On 8/10/2023 at 12:47 PM, jjonahjameson11 said:

:roflmao::roflmao::roflmao:

If you believe that, then I have a nice bridge for sale in Brooklyn!

JJJ,

I regularly buy from ComicLink and read their explanation of the hacking event. What part of that should I not believe and why is what they said false? Trying to differentiate if you're just trolling CL or if there is something you can share that would help us all better understand their comment... 

-Bob

On 8/10/2023 at 3:44 PM, Sideshow Bob said:

JJJ,

I regularly buy from ComicLink and read their explanation of the hacking event. What part of that should I not believe and why is what they said false? Trying to differentiate if you're just trolling CL or if there is something you can share that would help us all better understand their comment... 

-Bob

Bob, I'm no troll.

I highlighted the part in red font, and underlined the word "remain", since they haven't been diligent at all.

I do not sell with them, but it's a great place to buy OA and I've said that for years.

I couldn't remember what credit cards I had on file with ComicLink.  I logged in and did not find any.  My recollection was that I usually paid by personal check because that gave a slight discount.  Although mailing checks has its own issues.

Edited by Will_K