- LEGO-owned marketplace BrickLink took mitigation measures when it suspected users may be at risk.
- While some accounts may have been accessed without authorisation, BrickLink believes this was made possible through credential stuffing.
- Users have been asked to update their passwords as a mitigation measure.
A marketplace where folks can buy and sell LEGO parts is instructing users to change their passwords following a cybersecurity incident.
Last week, on 3rd November, BrickLink received a ransom demand. The operators of the marketplace told users in a forum post this week that they were aware of and were actively managing “some limited suspicious activity since mid-October”. This may have angered those operating the accounts linked to that suspicious activity as BrickLink then received a threat and ransom demand.
In response, the operators took the marketplace offline in a bid to protect users and retain complete control of their platform. Unfortunately, there was cause for concern despite these mitigation measures.
“We found that a relatively small number of BrickLink accounts may have been accessed. It is important to note that there is no evidence so far that our systems were compromised,” BrickLink wrote.
The platform notes that there is a possibility these accounts were accessed via credential stuffing, where cybercriminals use login details obtained from other sources to access accounts on other platforms.
It appears then, at least at this stage, that unauthorised account access wasn’t made possible through a breach at BrickLink. Despite this, BrickLink has told its users to update their passwords.
“There is no evidence to suggest that your BrickLink account has been compromised. However, as a precaution we’re asking you to update your password. Please go to the BrickLink site and start the process of resetting your password by following the prompts during login,” BrickLink told users.
Developers who make use of BrickLink’s API will also need to generate a new API key.
Truth be told, BrickLink handled this incident rather well and it’s good to see a company taking even so much as a threat of a breach as seriously as this. We recommend BrickLink users log in and change their password as soon as is feasibly possible.