Two German cybersecurity experts discovered a security vulnerability on Christie’s website that exposed the GPS location data of hundreds of consigners’ works.
A report by the Washington Post revealed that Martin Tschirsich and André Zilch, the duo behind the German cybersecurity company Zentrust Partners, discovered the vulnerability. According to them, they first noticed Christie’s after a friend asked them to check their website for any security vulnerabilities. Within a few minutes, they found a major bug.
According to Tschirsich and Zilch, Christie’s allows consigners to upload images of their artworks to the website, in the hope of catching the eye of potential buyers. A seller can upload up to three images per request on the “Request an Auction Estimate” page. The duo said the images usually contained the GPS data of the photographs, which was visible to anyone who accessed the images on the website. This meant that anyone could pinpoint the exact location where the artifacts were photographed, which is also usually their current location.
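As an added illustration (not code from the report or from Christie’s), the sketch below shows how an upload handler could detect and strip location metadata before storing an image. It assumes the uploads are JPEG files carrying the GPS data in EXIF; the function names and the sample bytes are constructed for this example.

```python
import struct

EXIF_MAGIC = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-directory

def parse(jpeg):
    """Return ([(marker, payload, raw)], tail); tail starts at the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    segs, pos = [], 2
    while pos + 4 <= len(jpeg) and jpeg[pos + 1] != 0xDA:  # stop at SOS
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if jpeg[pos] != 0xFF or length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("corrupt segment header: reject the upload")
        raw = jpeg[pos:pos + 2 + length]
        segs.append((jpeg[pos + 1], raw[4:], raw))
        pos += 2 + length
    return segs, jpeg[pos:]

def has_gps(jpeg):
    """True if any EXIF block's IFD0 carries a GPS pointer (or cannot be parsed)."""
    for marker, payload, _ in parse(jpeg)[0]:
        if marker != 0xE1 or not payload.startswith(EXIF_MAGIC):
            continue
        tiff = payload[len(EXIF_MAGIC):]
        bo = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order
        try:
            (ifd0,) = struct.unpack(bo + "I", tiff[4:8])
            (count,) = struct.unpack(bo + "H", tiff[ifd0:ifd0 + 2])
            tags = [struct.unpack(bo + "H", tiff[ifd0 + 2 + 12 * i:ifd0 + 4 + 12 * i])[0]
                    for i in range(count)]
        except struct.error:
            return True  # fail closed on truncated metadata
        if GPS_IFD_TAG in tags:
            return True
    return False

def strip_metadata(jpeg):
    """Drop every APP1 segment (EXIF and XMP); this also drops the orientation tag."""
    segs, tail = parse(jpeg)
    return b"\xff\xd8" + b"".join(raw for marker, _, raw in segs if marker != 0xE1) + tail

def sample_jpeg():
    """Constructed input: JPEG skeleton (no real pixels) with a GPS-bearing EXIF block."""
    ifd0 = struct.pack(">HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)  # one entry -> GPS IFD at 26
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8) + ifd0 + struct.pack(">HI", 0, 0)
    exif = EXIF_MAGIC + tiff
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    return b"\xff\xd8" + app0 + app1 + b"\xff\xda\x00\x02\x00\xff\xd9"
```

Running `strip_metadata` on every upload before it is written to publicly reachable storage removes the location data regardless of what the uploader's camera embedded.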
Reportedly, Tschirsich and Zilch contacted Christie’s in June with information about the vulnerability and offered to resolve it for free. At the time, Christie’s allegedly declined the offer and said that it would take care of the issue on its own. However, as per the report, the vulnerability was fixed only on Tuesday last week.
Martin Tschirsich and André Zilch are credible names in the cybersecurity world, having helped discover a bug in the German election software and secure patients’ health data. Tschirsich also said that the vulnerability would have taken only two days to solve, so it is unclear why Christie’s took more than 2 months to fix it.