This post may contains affiliate links. If you use these links to buy something we may earn a commission. Thanks.
If you’re a member of BrickLink you likely got an email this morning giving a brief explanation of what happened to BrickLink.com over the last couple of days and telling you to reset your password while reassuring you there was no evidence of a problem with your account.
Smartly, they did NOT include a link to the site. Why smartly? Well, if a platform “might” have been accessed by bad actors, would you trust a link coming by email? Not me. I don’t trust most links in email. So just visit BrickLink by typing it into your browser or using your bookmark and reset your password.
Browsing the forum to get the message below, it seems that many sellers are offering discounts, free shipping and other incentives to get buyers back in the swing of ordering again. Might be a great time to order those parts you’ve been thinking about.
Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we’ve further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
Consider supporting Brick Brains by purchasing your LEGO from LEGO.com using our affiliate links.
We get a small percentage of the purchase total and it doesn’t change the price you pay.
