Have I Been Pwned (HIBP) has added over half a million Beckett Collectibles customer records to its breach database, confirming the legitimacy of a previously unacknowledged data breach that affected the popular US trading card and memorabilia platform earlier this month.
The update follows weeks of speculation after defaced website content and a leaked database appeared on dark web forums, with Beckett itself still offering no public comment.
The breach, now validated by HIBP‘s internal verification processes, included over 541,000 exposed email addresses, with a smaller subset containing customer names, usernames, phone numbers, and physical addresses. The data is believed to be primarily from North American users and was partially released publicly after it appeared for sale on a major hacking forum in early November.
Initial signs of the incident emerged around November 10, when cybersecurity watchers discovered a listing on a dark web marketplace claiming to offer a full dump of Beckett's customer database. Accompanying screenshots appeared to show the platform's internal account management dashboards, with clear formatting and data structures indicative of direct backend access, rather than a simple web scrape.
Compounding the situation was the visible defacement of Beckett.com's event calendar, where unauthorized messages referencing the same leak were briefly published. The tampered page was quietly restored without explanation, and Beckett has since disabled phone support, citing high volumes of customer inquiries, raising further concerns among affected users.
Beckett Collectibles is a long-standing name in the sports card and collectibles industry, known for its card grading services, price guides, and online marketplace. The company's platform caters to a niche but high-value community of collectors, many of whom regularly engage in transactions involving rare and expensive memorabilia.
With no official statement from Beckett, users turned to third-party sources for information, some of whom reported receiving leaked email lists that appeared to align with known Beckett user data. The breach's impact is particularly troubling given the potential for targeted scams against a user base known to possess high-value assets and collectibles.
HIBP's confirmation lends significant weight to the breach's authenticity. While the platform does not rely on vendor disclosures, it applies a multi-step process to validate the provenance and integrity of leaked datasets before including them.
Impacted users should now receive HIBP notifications to reset their Beckett account passwords, as well as any others where they might be using the same credentials. Those who do should be alert for phishing emails and scam calls, monitor accounts, and check for suspicious shipping notifications or login attempts.
Leave a Reply