BrickLink, a Lego marketplace where users can buy and sell Lego parts, sets and minifigures, has revealed that it recently fell victim to a serious cyber attack.
The company confirmed the news via its forums, where it explained that the security team had been “actively managing” some limited suspicious activity since mid-October. Apparently someone gained access to seller accounts and sold Lego items at “huge discounts” while “fraudulently accepting payments from buyers.”
Shortly afterwards, on November 3, the company received a “threat and ransom demand,” prompting it to shut down its systems “out of an abundance of caution.” The post did not elaborate on who was behind the threat, what the attackers threatened, or how much money they asked for.
Lego Fan Accounts at Risk
The administrator did say there was no evidence of system compromise. Instead, they suspect credential stuffing: they believe the attackers purchased (or stole) a username and password database elsewhere and tried those credentials against the BrickLink platform until they managed to log into some accounts.
We also don’t know exactly how many accounts have been hacked in this way. The message only states that it involved a “relatively small number of BrickLink accounts.” Their real owners were notified of the breach. The company has now brought its systems back online and has urged its users to tighten security and remain vigilant.
“While we know the BrickLink site has not been compromised, we have further strengthened our security. We take the security of BrickLink and our members very seriously and will continue to improve security across the platform,” the message said.
“We have notified people where we have reason to believe that their accounts or stores may have been affected, and reminded members of ways they can make their accounts more secure by practicing good data security.”
Users are advised to keep their systems patched, use antivirus and endpoint security software, and create strong, unique passwords for each individual website.
Through The edge