Discussion Forum: Administrative: Message 1382592
 Author: CE_Tanja
 Posted: Dec 17, 2022 14:16
 Subject: Re: Article about a BrickLink data breach
 Topic: Administrative
CE_Tanja

BrickLink Administrator
Please rest assured that we are taking these things very seriously.

In Administrative, macebobo writes:
  In Administrative, CE_Tanja writes:
  Dear BrickLink members,

A report has recently surfaced of a possible data breach on our website, BrickLink.com.
We can assure you, our members, that we have seen no evidence of any breach of
our systems and have no reason to believe that the data you entrust us with has
been compromised.

Yet. It is a vulnerability as stated in the article.

  A short while ago, we were approached by a third party who offered their services
to fix several potential security loopholes they had identified. This third party
is not one of our suppliers and we did not request them to provide any analysis
or diagnosis of our systems.

When we did not engage the services of this third party, they apparently released
this “news” that a security breach could have happened on our site. Whereas it
is true that there is always a small possibility that data could be compromised
on any site, we feel this report unfairly portrays our website as unsafe.

Not unsafe, just vulnerable. Does this mean you are not taking it seriously and
are going to do nothing to remediate the identified attack vectors? (Two issues,
XSS and XXE attacks.)

  We have invested substantially in our security system and are confident in its
ability to keep your data safe. In addition, we strictly follow the LEGO Group
standards for GDPR compliance and other legal requirements regarding the data
of our users.

Blah, blah, blah. Nothing to see here, ignore the minifig behind the curtain.

  Thanks for your attention, and please feel free to contact the Help Desk with
any questions you might have.

The BrickLink Team

Link for those who did not see it yesterday: https://www.bleepingcomputer.com/news/security/lego-bricklink-bugs-let-hackers-hijack-accounts-breach-servers/

Message Has 1 Reply:

View Thread Re: Article about a BrickLink data breach - macebobo (2470)
[...] That was not my take away from your initial post. It felt to me like "No big deal, these bozos are just trying to scam us into using their product/service."
(18 months ago, Dec 17, 2022, to Administrative)
