advertisement
Facebook Instagram Linkedin Youtube Spotify
Search
Close this search box.
Facebook
X
LinkedIn
WhatsApp
Reddit

LEGO marketplace instructs users to change passwords following incident

  • LEGO owned marketplace BrickLand took mitigation measures when it suspected users may be at risk.
  • While some accounts may have been accessed without authorisation, BrickLink believes this was made possible through credential stuffing.
  • Users have been asked to update their passwords as a mitigation measure.

A marketplace where folks can buy and sell LEGO parts is instructing users to change their passwords following a cybersecurity incident.

Last week on 3rd November BrickLink received a ransom demand. The operators of the marketplace told users in a forum post this week that it was aware of and was actively managing “some limited suspicious activity since mid-October”. This may have angered those operating the accounts linked to that suspicious activity as BrickLink then received a threat and ransom demand.

In response, the operators took the marketplace offline in a bid to protect users and retain complete control of their platform. Unfortunately, there was cause for concern despite these mitigation measures.

“We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised,” BrickLink wrote.

The platform notes that there is a possibility these accounts were accessed via credential stuffing where cybercriminals use details that were obtained from other sources to access accounts on other platforms.

It appears then, at least at this stage, that unauthorised account access wasn’t made possible through a breach at BrickLink. Despite this, BrickLink has told its users to update their passwords.

“There is no evidence to suggest that your BrickLink account has been compromised. However, as a precaution we’re asking you to update your password. Please go to the BrickLink site and start the process of resetting your password by following the prompts during login,” BrickLink told users.

Developers who make use of BrickLink’s API will also need to generate a new API key.

Truth be told, BrickLink handled this incident rather well and it’s good to see a company taking even so much as a threat of a breach as seriously as this. We recommend BrickLink users log in and change their password as soon as is feasibly possible.

[Image – Glen Carrie on Unsplash]

advertisement

About Author

More
Brendyn Lotz

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.
advertisement

Related News

SA saying “Goodbye malaria!”

SPEEDRUN – Nearly half of SA companies are using Gen AI

Start saving for LEGO’s May releases in South Africa

Zuckerberg warns Meta investors that profits from AI will take time

How to turn off the ads in the Windows 11 Start menu

Biden makes TikTok ban official, ByteDance has one year to sell

advertisement
Facebook Instagram Linkedin Youtube Spotify
Hypertext is one of South Africa’s leading technology news and reviews sites. We publish original content daily for consumers and businesses.
All original words & media by Hypertext by htxt.media are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Permissions beyond the scope of this license may be available at Hypertext. Where images and material are supplied by rights holders outside of htxt.media, original publishing licences are indicated and unaffected.
Click here to suggest a story.
Click here for advertising.
© 2024. All rights reserved by HTXT.