Sedo hacked over the weekend

Intrusion resulted in confirmation emails sent to a “small number” of customers.

Sedo was compromised over the weekend due to a security hole.

This resulted in a number of registered Sedo users, including myself, receiving an email asking them to confirm their account. The confirmation email started:

Dear Andrew,

Thank you for becoming a Sedo member!

In order to submit your offer for you must first verify that the email you provided is a valid email address.

Sedo sent the following email to affected members today:

Dear Andrew Allemann,

We wish to inform you that on Saturday, 12th April, the Sedo website was compromised by an unknown intruder through a previously unknown security loophole. This resulted in an unauthorized email with the subject “Confirm your Sedo Account” being sent to a small number of our customers.

Our immediate investigation into the matter has shown that your email address was unfortunately one of those affected. That means that the intruder has got your email address only. NO other data has been compromised, i.e. no passwords or other account information was obtained. The security vulnerability was closed as soon as it was detected and any further unauthorized access was successfully prevented. This means that your Sedo account is safe, and you do not need to take any action to safeguard data stored in your account. Clicking on the link in the unauthorized email has no adverse effects.
If you have any questions we will be happy to help you. Please contact your account manager or visit our customer support center at

We apologize for any inconvenience this issue may have caused.


  1. Luc says

    Same here. I received 2 for 2 different emails. One from and the other from going to 2 different emails/accounts I have there.

  2. accent says

    They have your, and my, name and the fact that we use Sedo. That is more than just the email address.

    I am angry with them for blowing a sale for me last week with nonsense “security”, anyway. When I called them they were in chaos.

  3. says

    I can confirm the link does log you into your own account automatically.

    However, this is not an indication of any info being compromised. The hacker seems to have taken advantage of a glitch that sent out hashed links to a yet to be determined number of Sedo account holders. In other words, the link was only sent to the members en masse.

    Of course, it’s time to change passwords, yet again.

  4. Snoopy says

    I’ve got three Sedo accounts and got an email for each, so you can be sure this wasn’t a “small number”.

  5. Simon Speight says

    I received one of the first emails from – thought it was dodgy given the Heartbleed stuff, but the links looked legit. Didn’t action it though. I’ve never received (yet) the follow up email from Sedo explaining the situation.
