Phishing attempts were reported against two of the nation’s largest multiple listing services (MLS), FlexMLS and Matrix, which they said compromised access to a handful of members’ login credentials. Out of an abundance of caution to address the issue, all members of the two MLSs were required to reset their passwords.
FlexMLS’s website shows its membership at 334,000 members, while Matrix, an MLS software provider managed by real estate data firm Cotality (formerly CoreLogic), serves over a million members from several major MLSs, including CRMLS, Stellar MLS, Bright MLS, OneKey MLS and others. Reports indicate the breach did not affect all members of either organization.
Merri Jo Cowen, CEO of Stellar MLS, said the organization took immediate action Friday when they became aware of the coordinated attempt by a third party to access their systems through Matrix.
“Out of an abundance of caution, we immediately notified our customers, took swift action to protect their accounts, and reset all login credentials,” Cowen said. “Thanks to our proactive security protocols, most notably the recent implementation of multi-factor authentication (MFA), Stellar MLS customers were not impacted by this compromised access.”
“As part of our ongoing commitment to security and staying ahead of evolving threats, Stellar MLS is continually enhancing safeguards and support systems to meet emerging customer needs and we remain vigilant in protecting the integrity of our systems and the trust our customers place in us every day,” she added.
Tim Dain, Northstar MLS CEO, wrote last week that Cotality notified them after “detecting spamming activity from an authenticated NorthstarMLS Matrix user account whose credentials were compromised.”
“No account information was compromised or stolen,” Dain wrote. “I sincerely apologize for any inconvenience or frustration you may have experienced on Saturday. Your security is our top priority, and we appreciate your continued trust in NorthstarMLS.”
A message sent out Friday to members of the Greater Albuquerque Association of REALTORS (GAAR) positioned the phishing attempt as reaching a limited number of FlexMLS users and listed the following as a summary of the incident and protocol moving ahead:
No internal systems were compromised.
Attackers are using previously exposed login credentials (a tactic known as credential stuffing).
Affected accounts have been locked, and MLSs are being contacted directly.
Additional monitoring and security measures are being implemented.
GAAR Members use single sign-on to access FlexMLS through the Member Portal, which is why you’ll need to update your Member Portal login.
Passwords will need to be updated every 6 months going forward.
“We’ll continue investigating and enhancing protections. Our top priority remains the security of your data and account integrity,” GAAR stated.
To protect against these types of breaches, MLS software firm Rapattoni, which experienced a major security breach in 2023, suggests training on strong password management and on recognizing phishing attempts, as well as avoiding suspicious email attachments and implementing two-factor authentication. Two-factor authentication adds an extra layer of security by requiring users to verify their identity through a secondary method, such as a unique code sent to their mobile device.