Late last week, FlexMLS and Matrix, two of the nation’s largest multiple listing services (MLS), fell victim to data breaches that have raised significant concerns among their members. The breaches reportedly compromised member login credentials, leading to a wave of phishing attempts. In response, both organizations advised all members to reset their passwords as a precautionary measure.
FlexMLS currently serves approximately 334,000 members, while Matrix, managed by real estate data firm Cotality (formerly CoreLogic), supports over a million members across several major MLSs, including CRMLS, Stellar MLS, and Bright MLS. While the breach did not affect all members universally, its impact remains a serious issue. Merri Jo Cowen, CEO of Stellar MLS, noted that the organization acted promptly upon discovering coordinated attempts by a third party to access their systems via Matrix.
“Out of an abundance of caution, we immediately notified our customers, took swift action to protect their accounts, and reset all login credentials,” Cowen stated. She highlighted that proactive security measures, particularly the recent implementation of multi-factor authentication (MFA), ensured that Stellar MLS customers were not compromised.
To further emphasize their commitment to security, Cowen added that Stellar MLS is continually enhancing its protective measures and support systems to address evolving threats, reinforcing the integrity of their systems and maintaining customer trust.
Tim Dain, CEO of Northstar MLS, shared insights regarding the breach, stating that Cotality informed them of detected spamming activity linked to a compromised NorthstarMLS Matrix user account. He reassured members that no account information had been stolen, expressing his regret for any inconvenience caused during the incident. “Your security is our top priority,” Dain stated, appreciating the ongoing trust from NorthstarMLS members.
A communication sent to members of the Greater Albuquerque Association of REALTORS (GAAR) characterized the breach as limited in scope, indicating that it affected a small number of FlexMLS users. The message outlined key points related to the incident, emphasizing that no internal systems were compromised and that attackers exploited previously leaked login credentials through methods such as credential stuffing. Affected accounts have been systematically locked, with MLSs directly contacting those impacted.
The GAAR also noted that enhanced monitoring and security measures are being deployed as a direct response to the breach. Members utilize single sign-on to access FlexMLS via the Member Portal, necessitating an update to their login credentials. Moving forward, members will be required to change their passwords every six months to further safeguard their accounts.
In light of this incident, cybersecurity experts are recommending practices such as strong password management, recognizing phishing attempts, cautiously handling email attachments, and implementing two-factor authentication. Rappatoni, a software provider that previously experienced a major security breach, champions these security protocols to mitigate risks associated with data breaches.
The recent incidents highlight the pressing need for organizations to remain vigilant against emerging threats and to adopt robust cybersecurity measures. Utilizing the MITRE ATT&CK framework, tactics such as initial access through stolen credentials, persistence, and privilege escalation can provide valuable context for understanding the methodologies once used in these attacks.
