Author: CE_Tanja | Posted: Dec 17, 2022 14:16 | Subject: Re: Article about a BrickLink data breach | Viewed: 150 times | Topic: Administrative
BrickLink ID Card: CE_Tanja | BrickLink Administrator | Location: USA, California | Member Since: Feb 17, 2021 | Type: Admin
| Please rest assured that we are taking these things very seriously.
In Administrative, macebobo writes:
| In Administrative, CE_Tanja writes:
| Dear BrickLink members,
A report has recently surfaced of a possible data breach on our website, BrickLink.com.
We can assure you, our members, that we have seen no evidence of any breach of
our systems and have no reason to believe that the data you entrust us with has
been compromised.
|
Yet. It is a vulnerability as stated in the article.
| A short while ago, we were approached by a third party who offered their services
to fix several potential security loopholes they had identified. This third party
is not one of our suppliers and we did not request them to provide any analysis
or diagnosis of our systems.
When we did not engage the services of this third party, they apparently released
this “news” that a security breach could have happened on our site. Whereas it
is true that there is always a small possibility that data could be compromised
on any site, we feel this report unfairly portrays our website as unsafe.
|
Not unsafe, just vulnerable. Does this mean you are not taking it seriously and
are going to do nothing to remediate the identified attack vectors? (Two issues,
XSS and XXE attacks.)
| We have invested substantially in our security system and are confident in its
ability to keep your data safe. In addition, we strictly follow the LEGO Group
standards for GDPR compliance and other legal requirements regarding the data
of our users.
|
Blah, blah, blah. Nothing to see here, ignore the minifig behind the curtain.
| Thanks for your attention, and please feel free to contact the Help Desk with
any questions you might have.
The BrickLink Team
|
Link for those who did not see it yesterday: https://www.bleepingcomputer.com/news/security/lego-bricklink-bugs-let-hackers-hijack-accounts-breach-servers/