
Live Auctioneers, Promo and others fall victim to data leaks.

15 November 2020
BREACHAWARE HQ

A total of 9 breach events were found and analysed, resulting in 4,621,343 exposed accounts containing a total of 6 different types of personal data. The breaches found publicly and freely available included Live Auctioneers, Promo, Unico Compania, Scentbird and NASA.

Categories of Personal Data Discovered

Contact Data, Technical Data.

Data Breach Analysis

The breached entities span a remarkably broad spectrum, from an auction platform and a fragrance subscription service to a U.S. government agency. Specifically included in this leak cluster are Live Auctioneers, Promo, Unico Compania, Scentbird, and even NASA, along with several others.

This group of breaches reflects not just the diversity of platforms vulnerable to exposure, but also the unpredictability of where leaked data ends up, and how long it remains in circulation. The total number of affected users is relatively moderate compared to other large-scale events, but the inclusion of high-trust organisations and niche businesses raises the profile of this breach set significantly. It is also worth noting the continued emergence of breaches where data is made freely available, removing any cost barrier for malicious actors.

Live Auctioneers is a major online platform for live and timed bidding on fine art, antiques, jewellery, collectibles, and estate items. With over a million listings and a dedicated global user base, the platform holds not just personal accounts but also financial behaviour profiles tied to high-value purchases.

Buyers of collectibles and art are often affluent, and scammers may impersonate auction houses, issue fake invoices, or craft phishing campaigns that appear to be updates about high-ticket items. Also, the nature of auctions means the stakes are financial, and sometimes emotional, leading to more impulsive, risk-tolerant behaviour that attackers can exploit.

Promo (formerly Promo by Slidely) is a video creation and marketing platform aimed at small businesses and marketing professionals. Users typically include social media managers, entrepreneurs, content creators, and startups looking to create promotional material at scale.

Promo accounts might not always contain deeply personal information, but the professional implications are considerable. If an attacker gains access to a user’s Promo account, they may be able to:
- Impersonate a brand or business
- Access stored content or drafts
- Disrupt scheduled promotional campaigns

Additionally, marketing professionals often reuse credentials across multiple SaaS platforms. A leak of even basic credentials here could open doors to email marketing platforms, ad accounts, or design tools, creating opportunities for digital sabotage or surveillance.

Unico Compania appears to be a regional or industry-specific entity, possibly based in Latin America or Southern Europe, although definitive public information is scarce. This suggests a small or medium-sized enterprise; such businesses typically operate with limited cybersecurity budgets and may rely on legacy platforms or unpatched open-source tools.

The risks of such breaches lie in:
- Reuse of credentials across unrelated services
- Minimal user awareness of the breach (no public disclosure)
- Lack of international visibility, despite data being globally available

Smaller entities are also more likely to be stepping stones in larger attack chains, where attackers first compromise a “low-value” platform to harvest valid credentials, then use those for lateral movement into higher-value targets.

Scentbird is a fragrance subscription service that delivers monthly samples of perfumes and colognes to users. Though seemingly innocuous, lifestyle subscription services often require personal information that gives attackers a rich dataset for both identity profiling and targeted fraud. A Scentbird user may also be a customer of other lifestyle brands, which can be inferred through shared data patterns. Subscription services are particularly vulnerable to impersonation fraud (fake emails about "delivery issues," for instance), and leaked data allows for timing-specific scams ("Your subscription will expire in 3 days...").

The trust factor is also important. Users of such services often perceive them as niche and community-driven, so a breach can lead to significant brand damage even if the raw number of affected users is small.

The inclusion of NASA in this breach group raises immediate concern, not just due to the agency’s high profile, but due to the potential classification of the data involved. NASA has experienced several breaches over the years, often the result of phishing attacks or unsecured contractor endpoints.

In this instance, the publicly available data is believed to stem from lower-risk categories. Still, even seemingly trivial information related to a federal agency has potential implications:
- Leaked internal emails or usernames can aid phishing campaigns
- Credentials might be reused on other .gov or defence-adjacent systems
- Even symbolic breaches can be used in disinformation or propaganda

While the affected NASA data here is likely non-sensitive, the visibility of the agency ensures that any exposure amplifies reputational and geopolitical risks.

Six Data Types: Multi-Angle Threat Surface

Although the exact six data types have not been specified, the variety allows for layered attack strategies, from basic credential stuffing to precision-targeted spear phishing. It also enables identity stitching, where attackers connect a user’s presence across multiple platforms using shared or inferred data points.

The relatively modest number of accounts (4.6 million) may seem minor in an age of billion-row leaks, but context and diversity of exposure matter more than raw volume in many modern cybercrime tactics.

Conclusion

This collection of nine breaches, touching everything from fine art auctions and fragrance subscriptions to federal space agency accounts, speaks to the pervasiveness and unpredictability of digital exposure. The inclusion of well-known platforms alongside lesser-known businesses increases the risk that users may not even realise they were compromised. The broad spread of six data types and the public availability of the data ensure that these accounts will remain vulnerable long after the initial breach window has closed.

Whether it's a high-spending collector, a lifestyle subscriber, or a federal contractor, the fallout from these breaches extends far beyond the numbers.
