BrickLink, a Lego-owned marketplace where users can buy and sell Lego parts, sets, and minifigures, has revealed it was recently the victim of a serious cyberattack.
The company confirmed the news via its forums, where it explained that its security team was “actively managing” some limited suspicious activity since mid-October. Apparently, someone gained access to seller accounts and was selling Lego assets at “huge discounts” while “fraudulently accepting payment from buyers”.
Soon after, on November 3, the company received a “threat and ransom demand”, prompting it to shut its systems down “out of an abundance of caution”. The post did not elaborate on who made the threat, what the attackers were threatening to do, or how much money they were asking for.
Lego fan accounts at risk
The admin did say that there was no evidence of system compromise. Instead, they suspect credential stuffing: the attackers are thought to have bought (or stolen) a username/password database leaked from some other service and replayed those pairs against the BrickLink login until they got into the accounts of users who had reused the same password.
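Credential stuffing leaves a recognisable trace in authentication logs: one source hammering the login endpoint with many distinct usernames, most attempts failing, and the occasional success wherever a password was reused. The script below is an added illustration of that detection logic, not BrickLink's or Lego's code; the log format, field names, IP addresses and usernames are constructed for the example, and the thresholds are assumptions a defender would tune to their own traffic.

```python
import re
from collections import defaultdict

# Constructed sample auth log (not real BrickLink data). One line per login
# attempt: timestamp, source IP, attempted username, outcome.
SAMPLE_LOG = """\
2022-10-15T02:00:01Z ip=203.0.113.10 user=alice result=FAIL
2022-10-15T02:00:02Z ip=203.0.113.10 user=bob result=FAIL
2022-10-15T02:00:02Z ip=203.0.113.10 user=carol result=SUCCESS
2022-10-15T02:00:03Z ip=203.0.113.10 user=dave result=FAIL
2022-10-15T02:00:04Z ip=203.0.113.10 user=erin result=FAIL
2022-10-15T02:00:05Z ip=203.0.113.10 user=frank result=FAIL
2022-10-15T02:00:06Z ip=203.0.113.10 user=grace result=SUCCESS
2022-10-15T02:00:07Z ip=203.0.113.10 user=heidi result=FAIL
2022-10-15T09:12:00Z ip=198.51.100.7 user=alice result=FAIL
2022-10-15T09:12:08Z ip=198.51.100.7 user=alice result=SUCCESS
2022-10-15T09:30:00Z ip=198.51.100.9 user=bob result=SUCCESS
"""

# Hypothetical log line layout; adapt the pattern to the real login log.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>SUCCESS|FAIL)$"
)


def parse_log(text):
    """Turn log text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def detect_credential_stuffing(events, min_distinct_users=5, min_failure_rate=0.5):
    """Flag source IPs that tried many different accounts with a high failure rate.

    A legitimate user who fat-fingers a password retries the *same* account;
    a stuffing run cycles through *many* accounts and mostly fails. Both
    thresholds are assumed starting points, not universal constants.
    Returns {ip: summary}, where summary lists the accounts that succeeded
    from that IP (the likely reused-password victims).
    """
    per_ip = defaultdict(lambda: {"attempts": 0, "failures": 0, "users": set(), "hits": set()})
    for e in events:
        s = per_ip[e["ip"]]
        s["attempts"] += 1
        s["users"].add(e["user"])
        if e["result"] == "FAIL":
            s["failures"] += 1
        else:
            s["hits"].add(e["user"])

    flagged = {}
    for ip, s in per_ip.items():
        failure_rate = s["failures"] / s["attempts"]
        if len(s["users"]) >= min_distinct_users and failure_rate >= min_failure_rate:
            flagged[ip] = {
                "attempts": s["attempts"],
                "distinct_users": len(s["users"]),
                "failure_rate": failure_rate,
                "compromised_accounts": sorted(s["hits"]),
            }
    return flagged


def accounts_to_reset(flagged):
    """Union of accounts that logged in successfully from any flagged IP."""
    return sorted({u for f in flagged.values() for u in f["compromised_accounts"]})


if __name__ == "__main__":
    flagged = detect_credential_stuffing(parse_log(SAMPLE_LOG))
    for ip, summary in flagged.items():
        print(f"{ip}: {summary['attempts']} attempts over {summary['distinct_users']} accounts, "
              f"failure rate {summary['failure_rate']:.0%}, succeeded on {summary['compromised_accounts']}")
    print("force password reset / session revoke for:", accounts_to_reset(flagged))
```

On the constructed log, only 203.0.113.10 is flagged (eight accounts, 75% failures), and the two accounts it got into are the ones to reset and notify; the user at 198.51.100.7 who mistyped once and then succeeded is left alone. In production the same counting would be done per sliding time window and keyed on additional attributes (ASN, user agent, device fingerprint), since stuffing tools rotate source addresses to stay under any single-IP threshold.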
We also don’t know exactly how many accounts were compromised this way. The post only says that a “relatively small number of BrickLink accounts” were involved; their true owners have been notified. The company has now brought its systems back online and urged its users to tighten their account security and stay vigilant.
“Although we know that the BrickLink site was not breached, we’ve further strengthened our security. We take the safety of BrickLink and our members very seriously and will continue to step up security across the platform,” the post reads.
“We’ve informed people where we have reason to believe that their accounts or stores may have been impacted, and reminded members of ways they can make their accounts safer and more secure by practicing good data security.”
Users are advised to keep their systems patched, use antivirus and endpoint security software, and create strong, unique passwords for each individual website.
Via The Verge