kzy dor ycm sgv wzr ylw ukj bww ndx tit avd dqu qof nad rzk mke oom wku xpy jfy paa wfe glc kbb gjp fig mra oml ism bas

Popular Lego marketplace went offline after a ‘ransom’ demand

Lego Batcave set.

a:hover]:text-gray-63 [&>a:hover]:shadow-underline-black dark:[&>a:hover]:text-gray-bd dark:[&>a:hover]:shadow-underline-gray [&>a]:shadow-underline-gray-63 dark:[&>a]:text-gray-bd dark:[&>a]:shadow-underline-gray”>Image: Lego

BrickLink, the unofficial online Lego parts marketplace, is back online after several days of downtime due to a cybersecurity incident that apparently targeted some merchant accounts. The company said it received a “threat and ransom demand” last Friday, presumably in regard to company or user data, leading it to shut down the site “out of an abundance of caution.”

The site has been detecting “limited suspicious activity” since mid-October, where unauthorized sellers fraudulently attempted to collect money through unrealistically discounted listings.

BrickLink says a “relatively small” amount of accounts may have been compromised but does not see any evidence that its systems were breached. It says “credential stuffing” occurred, where bad actors input compromised passwords from other sources to try to break into owners’ accounts on different sites.

Lego reviewer and blogger Jay Ong, who writes for Jay’s Brick Blog, posted that they received a message from BrickLink that all users must change their passwords. Ong says they were assured their BrickLink account was not compromised. Notably, BrickLink does not yet offer two-factor authentication, although it plans to in the future.

SOURCE

Leave a Comment