Ransomware Robs Realtors — Rapattoni MLS-aaS Down: Day 8 and Counting – Source: securityboulevard.com

Source: securityboulevard.com – Author: Richi Jennings

Home listings SaaS dead in the water as real estate agents lose leads.

A service that helps local realtor associations manage home listings has been down for over a week, thanks to a ransomware attack, and it doesn’t look like it’ll be back any time soon.

Insiders say this was a long time coming: Rapattoni can’t be the last such white-label MLS in the scrotes’ firing line. In today’s SB Blogwatch, we smell vulnerable legacy systems.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Let It Go (not that one).

MLS FAIL

What’s the craic? Randy Tucker reports—“Cyberattack … shuts out thousands of Realtors, homebuyers”:

Homebuyers are missing out

California-based Rapattoni Corp., which provides software and data services for more than 100 multiple listing services nationwide, [said] a deliberate cyberattack had crippled its service. Several local Realtors [said] the cyberattack must have occurred late Tuesday or Wednesday [last week] because … they haven’t been able to list houses for sale, advertise open houses, update listings as “sold” or “pending,” or make other changes to listings.



Rapattoni … had not yet determined the full extent of the cyberattack and could not provide a timetable for restoring service. … Meanwhile, potential homebuyers are missing out on new listings in a market that is already short on inventory and highly competitive.

And Dan Goodin adds—“Real estate markets scramble”:

Could get worse

It has been widely reported that the event is a ransomware attack. … Rapattoni has yet to say whether personal information has been compromised. The outage is a potent reminder of the real-world disruptions that cyberattacks can impose on … people [who] depend on a service that gets hacked.



[An MLS] provides instant access to data on which homes are coming to the market, purchase offers, and sales of listed homes. MLS have become essential for connecting buyers to sellers and to the agents and listing websites serving them.



Not all regional listing services are affected because some use [MLS] vendors other than Rapattoni. The damage the outage is causing to agents, buyers, renters, and sellers could get worse unless services are restored in the next few days.

ELI5? linsomniac explains like we’re five:

[I’m a] SysAdmin to an MLS. … An MLS is really just a database and associated tooling for advertising properties among Realtors in an area. The MLS is controlled by a Realtor Association … basically all the Realtors/Brokers in an area working together.



There’s an awful lot of money that goes into the Realtor industry. But, if it were easy to get rid of, For Sale By Owner (FSBO) would be more popular. As far as I can tell, at least in my area, FSBO basically doesn’t exist.

Are we surprised this has happened? An irked fishnuts is not:

I used to be a senior engineer at an MLS … clearinghouse, handling data from over 200 MLSs. … I knew this would happen, and I’m kind of amazed it didn’t happen earlier.



It always boggled me how difficult it was to get various MLS orgs to agree on schemas and metadata for their database entries, while at the same time having it all be managed and distributed by one centralized org. … You’d think that with the amount of money exchanging hands … they’d figure out how to standardize on a schema and access methods that enables … decentralized and duplicated storage and transactions. Too much is riding on this to not have some sort of redundancy.

MLS has been used for YEARS and nobody thought to decentralize its transactional features, making a virtual monopoly on the most important functions. And that irked the hell out of me.

Similarly, u/aardy is shocked. Shocked! (Well, not that shocked):

MLS software is basically dog****. … I can’t say that I’m shocked that one of the major white-label … SaaS MLS back ends contained a security vulnerability.

Are you affected? Bippy is sorry-not-sorry:

I had to fight with use MLS data in a past life. They have an absolute stranglehold on the system—expensive, poorly formatted data on antiquated systems—and there is no alternative.



Frankly I’m just chuckling at this development. [I’m] glad that I don’t have to work with them anymore and sorry for anyone who does.

Have we finally found a good use case for a blockchain? jsutton sees it like that:

A normal database isn’t able to be easily disseminated by the people who need access to this data. … Then who gets to host it? Real estate associations are too many, too fragmented, too entrenched to agree on one or even a handful of companies.



A blockchain … has the ability to align some financial incentives of all interested parties to open up access to real estate listings while still holding ownership and profiting from that access:

Instead of real estate companies protecting their … data, they could offer access … in exchange for a fee. …

Instead of out-of-date listings parading as up-to-date, there’s a public temporal record of updates.

Instead of buyers getting restricted or partial information, they can obtain access … via alternate sources.

But some say good riddance to the entire closed-shop realtor setup. Firethorn alleges an awful allegation:

I remember in one state not being able to see the exact addresses for any listed property, forcing you to go to agents … so you could—you know—look at the properties. Given my semi-recent introduction into racism, it gets worse the more you look. I could easily see [how] real estate agents could “guide” buyers into the “appropriate” neighborhoods for them.

Meanwhile, on the internet, nobody knows you’re u/Obvious-Dog4249:

I hope hackers continue to attack it and make them suffer.

And Finally:

Let It Go (not that one)

Hat tip: si bennett


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: darkday (cc:by; leveled and cropped)

Original Post URL: https://securityboulevard.com/2023/08/rapattoni-mls-ransomware-richixbw/

Category & Tags: Analytics & Intelligence,API Security,Application Security,AppSec,Blockchain,Cloud Security,Cyberlaw,Cybersecurity,Data Security,Deep Fake and Other Social Engineering Tactics,DevOps,DevSecOps,Digital Transformation,Editorial Calendar,Endpoint,Featured,Governance, Risk & Compliance,Humor,Identity & Access,Identity and Access Management,Incident Response,Industry Spotlight,Insider Threats,Malware,Most Read This Week,Network Security,News,Popular Post,Ransomware,Regulatory Compliance,Securing the Cloud,Securing the Edge,Security at the Edge,Security Awareness,Security Boulevard (Original),Security Challenges and Opportunities of Remote Work,Security Operations,Social Engineering,Software Supply Chain Security,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,legacy,Legacy Application,legacy applications,legacy apps,legacy IT,legacy Software,legacy system security risk,legacy systems,MLS,Rapattoni,real estate,real estate agents,realtors,SaaS,SB Blogwatch
