The ASX-listed operator of property sites like realestate.com.au said it faced increasingly sophisticated attempts to scrape its content for monetization elsewhere.
It also suspected it was the target of credential-stuffing attacks, where bots aimed reams of stolen credentials at its websites in the hope that some logins worked, allowing attackers to take over those accounts.
“One thing that [real estate listing platforms] have in common is they're pretty much a treasure trove of data,” REA Group Systems Manager Andrew Logue told the recent AppSec Day Australia conference.
The data is not just REA’s. Increasingly, third-party data, such as performance data of local schools, is surfaced through real estate listing sites.
Logue explained:
“The problem with that is we're now not only safeguarding our own intellectual property, we're safeguarding somebody else's.
“And if you read the terms and conditions when you sign up to a third party, they're probably going to say, 'If you access our data feeds, you've got to make sure that nobody's going to scrape them'.
“We're going to put them on the public internet - so anyway, that's another hard problem.”
Read more here