In an email sent to its users on Wednesday evening, the chief technology officer of Artsy—an online platform that offers views into the art world as well as works for sale for prices between “$100 to over $1,000,000,” as its website states—alerted users to “a data security incident that may have impacted your Artsy account data.” The notice, signed by Artsy chief technology officer Daniel Doubrovkine, said the company believed that users’ names, emails, and IP addresses may have been among the data stolen.
“We have no evidence that commercial or financial information was involved, and to date we have not received reports from Artsy users of actual or attempted fraud as a result of this incident,” the alert stated. In the interest of “an over-abundance of caution,” it advised users to change their passwords on Artsy as well as other sites that might share similar passwords, while stating that the site stores only password hashes (a type of encryption used for protection).
A report published on Monday by the Register, a British news site devoted to technology (with the tagline “Biting the hand that feeds IT”), asserted that Artsy data was among that taken from 16 sites and put up for sale on the dark web. According to the report, data related to one million accounts on Artsy has been stolen as part of an operation that compromised 620 million accounts from sites including the video-messaging service Dubsmash and the online directory website Whitepages.
The report reads, in part, “Sample account records from the multi-gigabyte databases seen by The Register appear to be legit: they consist mainly of account holder names, email addresses, and passwords. These passwords are hashed, or one-way encrypted, and must therefore be cracked before they can be used.” It adds, “There are a few other bits of information, depending on the site, such as location, personal details, and social media authentication tokens. There appears to be no payment or bank card details in the sales listings.”
Reached for comment, a spokesperson for Artsy referred ARTnews to its original alert notice, which states that Artsy is investigating the matter.