How agents are working around the cyberattack that shut down MLS access in parts of 12 states
The “crisis” hit Dorothea Snyder Aug. 9, and the challenge for her and other real estate agents in Northwest Indiana has been worse than the height of the COVID-19 pandemic, she said.
This month, cyberhackers attacked real estate software provider Rapattoni, locking out an estimated 5% of agents across the country from their Multiple Listing Services, and it remains unclear when the problem will be solved.
“We’ve all been in crisis mode,” said Snyder, an agent with Coldwell Banker in Valparaiso. “Without the MLS, we can’t find properties that are for sale for our clients, and it has really impacted our ability to help our clients. Right now there’s no access to new listings. Since Aug. 9, we’re nowhere on the internet.”
The ransomware attack also rendered appraisers in affected markets unable to do their jobs because they no longer have access to sales data for their comps though their MLSs.
Rapattoni lists clients in 12 states, including Florida, Massachusetts, Michigan, Indiana, New York and California. The company’s services extend to providing agents with a single sign-on portal for accessing tools such as ShowingTime, Cloud CMA and iMapp, making it easy to access software from mobile devices. Rapattoni also provides MLSs with member data services, meaning the outage has left agents unable to access information about other members.
Agents have shared stories of empty open houses and turning to social media to share news of new listings. The chaos rippled through the industry, and even real estate professionals and MLS leaders not affected by the shutdown are wondering: What if the same thing happens here?
Rapattoni, based in Southern California and in operation since 1970, has told clients the FBI is investigating the cyberattack, and the company is working to restore services.
“We are continuing to investigate the cyber-attack that has caused a system outage, and are working diligently to get systems restored as soon as possible,” the company posted to Twitter Aug. 13. “All technical resources at our disposal are continuing to work through the weekend. We still do not have an ETA at this time.”
In a memo to clients dated Aug. 15 and posted online by the Firelands Association of Realtors in Sandusky, Ohio, Rapattoni offered assurances that “all sensitive data stored in Rapattoni AMS databases is encrypted. To date, we have no evidence that personal information has been impacted. If it is discovered that any sensitive data is impacted, we will immediately alert you and determine the best course of action.”
Working around the freeze
The data freeze led local and regional MLSs to find creative ways to work around the outage and encouraged cooperation throughout the industry. California Regional MLS devised a temporary access plan “to help impacted agents add, edit and manage their listings and get back into business” by filling out and emailing a form.
In Massachusetts, the Cape Cod & Islands Association of Realtors provided a list of services that are still available on its website, as well as tutorials for accessing Remine documents and FlexMLS.
In Ohio, the Realtor Alliance of Greater Cincinnati’s Cincy MLS set up a temporary database for new listings.
Members of the Northwest Indiana Realtors Association (NIRA) turned to Facebook and dual-licensed agents for help.
“The cooperation of agents and other real estate offices has been stunning,” Snyder said. “We’ve had several agents who have said, ‘I will input your new listing in Indiana onto the Illinois site, I will take the time to do that, and I will do it for free.’ That way, at least we are getting them into an MLS somewhere, and the key to that is location. Because once it’s in a system in an MLS anywhere, then it will transport to Zillow and Realtor.com and HomeSnap and ShowingTime, so that at least our new listings are getting the exposure that they need for other agents and for clients to be able to find them somewhere.”
NIRA’s board established a Facebook account for members to use to exchange information about listings.
“All we’re doing is posting things like, ‘I have a new listing, here are bare bones, here are some of the features and a couple pictures. If you have somebody interested in this, please give me a call,’” Snyder said. “The other half of that is we have agents who are posting on Facebook, ‘Help, I’m looking for something. I’m looking for a three bedroom, two bath in [name the community]. And does anyone have anything that would work?’ The flexibility and the resilience of real estate agents… we had good practice with COVID, but this even surpasses that in that we really have nothing to go on.”
Dodging disruption
Though the Rapattoni cyberattack affects thousands of agents in markets of all sizes, most MLSs were not directly affected and their members have maintained the same access as before. The Houston Association of Realtors — the second-largest local Realtor association in the U.S. — avoided disruption, for instance.
“HAR was fortunately unaffected by the Rapattoni data breach because we have never used that service for the Houston MLS,” said a HAR spokesperson. “We use Matrix. All of our member data is secured in local servers. HAR has therefore not received a single call or complaint about any of this.”
Georgia MLS, which serves the Atlanta area, works with Rapattoni but has not been affected by the cyberattack.
“We use the Rapattoni Membership system but not their MLS platform,” said Georgia MLS Chief Marketing Officer John Ryan. “We have not been affected as we host our own membership data and don’t use their hosting solution.”
MIAMI Realtors, serving the Miami, Florida area, provides members with access to the Rapattoni MLS front end. However, the association avoided major disruptions by also offering front-end MLS services through CoreLogic Matrix and Remine, according to MIAMI Realtors Chief of MLS and Innovation Liz Spurrock.
“While Rapattoni is not usable for our members, our other products are, and we’ve been able to provide seamless service,” Spurrock said. “There are people who prefer to use Rapattoni because they like the map search better, but all of the data and all of the input, updating syndication, everything is available to our members. There’s been no interruption of service.”
Spurrock described MIAMI Realtors as being lucky in avoiding major disruptions, but also emphasized the care that the association takes when choosing and vetting vendors.
“We are very careful to work with our vendors, review their security postures and policies, and ensure that our members’ data is protected at all times, as are any assets of the association,” she said. “We ask them about typical cyber security procedures, segmentation of duty, a Data Access inventory, regular updates and patching. Usage of SSL, the SSL tunnels and stuff are all updated to the most recent versions, regular penetration tests being passed. Again, all of the standard cybersecurity requirements that one would need to run a successful business.”
The attack on Rapattoni serves as a reminder to businesses and individuals to take steps to protect data and personal information to help limit hacks. MIAMI Realtors works with agents and brokers to establish digital security practices that can protect their systems, Spurrock said.
“We educate our agents and our brokers on what they can do without spending a lot of money,” Spurrock said. “Things like password vault, unique passwords, again, keeping things patched and updated, not giving everybody access to every system, so segmentation of duties, and that data assets inventory. It’s some work upfront, but you can do it inexpensively or for very little or for free.”
Offering three front-end MLS options provides an added layer of protection, giving clients more avenues for continuing their work if one service goes down.
“We have multiple versions of many of our products,” Spurrock said. “We offer multiple tax services, multiple MLS front ends of choice. And by doing that, we always have a backup solution that we can work with, and we have great relationships with our vendors. So I hope we’re never ever in any position like this, but we would have an option to get something up and running as quickly as possible by having various vendors that we work with throughout the technology space making sure that any interruption to service would be minimal. So far that has not been an issue.”
What’s next?
In a ransomware attack, hackers typically block access to a company’s network and data unless the company pays the hackers a fee to regain access. That puts companies in a difficult spot where the options are to deal with the hackers or spend time and money to rebuild their networks, which could be fatal for the business.
“I know the FBI always strongly encourages you to not pay the fines, not pay the ransom,” Snyder said. “And so our board and Rapattoni, of course, are trying to reconstruct all their databases. I understand Rapattoni had put on 300 servers extra servers to try to pull it together. I’ve been telling [clients] the truth, that hackers are holding our MLS for ransom. It’s a national problem for anyone using Rapattoni, and we are using every possible tool to work around the problem and still be able to serve their needs.”
Spurrock expressed sympathy for Rapattoni.
“I’ve been in IT for a long time, and I’m so sorry that this is happening to them,” Spurrock said. “I mean, we’ve all been through an outage here and there, but this is the whole next level. And it’s devastating. I’m so sorry for them. You just really hope that they’re able to come out on the other side.”