Thread: Simple Auctions Hacked Again
View Single Post
  #59  
Old 01-21-2021, 09:03 AM
MCyganik MCyganik is offline
M@++ Cyganik
Member
 
Join Date: Feb 2018
Location: Boston
Posts: 152
Default
Again I'm just a layman here with no real skin or knowledge in this game so I'm probably full of hot air, but here's my most recent thoughts.

I imagine most of SAS's clients are small-time auction houses in the grand scheme of things. Generally, profits and overhead costs are within the means of the auction's proprietor, who may run their auction as a side business/hobby or to eke out a living by themselves or with a close knit team. Not to make an absolute killing with a large salaried staff.

There's a trust that they've built with Bob & SAS, at the end of the day a fellow collector like most of them. It also enables a network of peers they can bounce ideas off of within SAS's framework, both as collectors and auction runners.

SAS is literally called Simple Auction Sites because in a lot of ways it is cut and paste web design, like a Tumblr blog for auction houses. SAS's system allows easy to set up access for small auction houses that don't have a lot of technical knowledge or startup capital to manage a whole individual auction platform.

I imagine despite these technical/ransomware issues, leaving the safety of the 'nest' Bob has built would be overwhelming and perhaps harmful for many small businesses under SAS's portfolio.

That being said, it certainly seems SAS's ability and reach has a limit, as we see in these ongoing technical/ransomware issues that are now affecting millions of dollars worth of business. Maybe there was some naivety about its security, maybe the hackers were just that good at breaking into the code. But it seems SAS was a sitting duck for a long time coming for someone to pull a stunt like this.

It also reflects the size of the clientele. What is a company like Goldin (a few other big ones), holding monthly+ auctions and pushing millions of dollars of artifacts each month, doing still using a platform that peers 20x less the size of them use that we now learn might be easily penetrable? Loyalty to Bob? Maximizing profits?

Once an online auction house gets big enough to hire a dozen staff members, shouldn't they begin to invest in proper in-house IT and web development? They are going to be the ones that attract an audience. If I'm a profiteering hacker and I see a company running monthly 6 figure auctions for 1952 Topps Mickey Mantle cards and high-end Michael Jordan memorabilia, I'd probably try to get a piece of that action too.
Reply With Quote