On Wednesday, executives told customers that a “security incident involving a malicious third party” caused the outage that has disrupted thousands of brokers and agents since last week.
At Inman Connect Las Vegas, July 30-Aug. 1, 2024, the noise and misinformation will be banished, all your big questions will be answered, and new business opportunities will be revealed. Join us.
In a surprise shift from what it had been telling thousands of its customers during an outage that lasted a full week, the real estate software company BoomTown said on Wednesday that its clients were left unable to conduct business because the site was hacked.
Inside Real Estate CEO Joe Skousen, whose company bought BoomTown last year, told his customers that a “security incident involving a malicious third party” led to problems that halted business for brokers and agents across the country since April 10. It’s unclear if the problems have been resolved for all BoomTown clients, but by Wednesday evening several had told Inman they could access the back end smoothly.
“We know that this period has tried your patience and you may have other questions,” Skousen said in the Wednesday email to clients. “While our investigation remains ongoing in partnership with law enforcement, it may take some time until our investigation is complete, but we will continue to share further details as we can.”
The update marks a shift in what BoomTown has been telling its customers and some of its employees while the company worked with forensics teams and law enforcement to secure the breach and bring agents’ CRMs, lead generators, listings and public facing websites back online.
BoomTown also dealt with upset Realtor and broker customers whose access to key parts of their business were blocked during the busy spring homebuying season.
Skousen said he didn’t believe there was a risk to customer or CRM data, though he said that the forensic investigation was ongoing. BoomTown customers also often sync up accounting and other personal information that helps them streamline their work and run their businesses.
“I run my life with BoomTown and the services they provide,” said Rowena Patton, an eXp agent in North Carolina. “A big learning from this is always download your data once a week.”
Regardless, the impact could be far-reaching for BoomTown and Inside Real Estate.
Customers said they were fielding calls from competing CRMs that were looking to capitalize on the outage by luring BoomTown clients over to them. Some said the lack of transparency during the outage and the disruption to their businesses had them looking to opt out of their year-long contracts to find another provider.
“Thank God I’m on a month-to-month” contract, said John Holahan, a Realtor in Destin, Florida. “I’ve been with them for like 8 years. I’m interviewing other providers right now.”
Others feared the outage would have both short-term and long-term impacts on the success of their business, which relies on lead generation, maintaining a database of past and potential customers and long-term strategic outreach. Virtually all of those capabilities were knocked offline during the outage, leaving even long-time BoomTown clients wondering if they’d find a new system.
“We were already in the process of moving away from them,” said Stacey Petrucci, an agent with eXp in Florida. “We just bumped up what we were doing on another platform.”
Several brokers that spoke with Inman said they had suspected a hack or other kind of ransomware was to blame, despite what the company was telling them at the time. They took to social media to demand more communication from BoomTown while they struggled to triage the effects of core components of their business being knocked offline overnight.
Skousen, meanwhile, had told them the issues were due to a “server outage,” and the company provided what many told Inman were vague and inadequate updates about what was going on.
“They had mentioned that the data was secure,” said Brad Weiner, a broker outside Atlanta. “But they wouldn’t provide any additional detail other than that. It’s disappointing.”
The misleading statements may have been given to employees as well as customers.
An employee anonymously told Inman that employees were initially told the problems were caused by a “physical infrastructure” issue.
The attack was only the latest targeting the real estate industry in recent months. In December, Mr. Cooper said that the personal information of nearly 15 million customers had been exposed during a data breach. First American Financial was also hacked in December, a breach that snarled real estate transactions toward the end of the year.
The BoomTown hack comes at a busy time for the company, which is set to host its annual conference called Unite next week in Charleston. The event is set to begin Monday.