A university professor living in a large town in western Germany was busy on a recent Wednesday evening preparing several paintings for sale through the British auction house Christie’s, an auction house that conducts auctions around the world.
By using his iPhone, he was able to upload images of an inherited piece of art that he had at home onto the company’s website using the company’s logo. The site promised that in a few weeks, Christie’s would tell him whether it was interested in advertising them for sale and would let him know if they were worth any money.
The researchers in Germany suggest that when he uploaded these images, he did not only reveal the exact location of the pieces to Christie’s, but he also revealed the exact size of each piece. By uploading these images, the researchers claim that anyone could find them online and see where they are located for themselves.
This cybersecurity incident impacted hundreds of Christie’s clients who uploaded photographs of their prized paintings and sculptures to the auction house’s website for the auction house to review, which were impacted by the cyberattack. As a result of his friend’s request for him to check on the effectiveness of the auction house’s data security, researchers Martin Tschirsich and André Zilch from the German cybersecurity research company Zentrust Partners discovered the breach.