Author:  ralphs_bricks  Posted:  Nov 8, 2023 13:31  Subject:  Re: Update on November 3rd incident  Viewed:  128 times  Topic:  Technical Issues Cancel Reply

BrickLink ID Card ralphs_bricks (2277) Location:  USA, New York Member Since Contact Type Status Collage Feb 13, 2017 Seller Store: Ralph's Bricks & Minifigs

In Administrative, Admin_Russell writes:    Dear BrickLink members, Welcome back and thank you for your patience. We were down for longer than anyone would have wanted. Now that we’re back up and running, we can share with you what’s happened. As many of you will know, we received a threat and ransom demand on Friday, November 3rd. We’d been aware of and actively managing some limited suspicious activity since mid-October, with unauthorized sellers offering products at huge discounts and fraudulently accepting payment from buyers. As soon as we were aware of the potential escalation on November 3rd, we put the site into maintenance mode out of an abundance of caution. We did this to protect our members and keep complete control of the platform while investigating. We found that a relatively small number of BrickLink accounts may have been accessed. It is important to note that there is no evidence so far that our systems were compromised. At this stage we believe this was a ‘credential stuffing’ incident, where someone obtains lists of usernames and passwords from a third party, often illegally, and opportunistically tries to use them on a website. Actions we’ve taken Although we know that the BrickLink site was not breached, we've further strengthened our security. We take the safety of BrickLink and our members very seriously and will continue to step up security across the platform. We’ve informed people where we have reason to believe that their accounts or stores may have been impacted, and reminded members of ways they can make their accounts safer and more secure by practicing good data security. Keep your systems up-to-date with the latest patches, Use security software and create strong, unique passwords for each website you use. Again, we’re sorry for the interruption and inconvenience this has caused you. If you have any questions or concerns, have a look at the FAQ for more details, or reach out to customersupport@bricklink.com. Many thanks, Your BrickLink Team Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru email notification.

Message is in Reply To:

Update on November 3rd incident - Admin_Russell

Dear BrickLink members, Welcome back and thank you for your patience. We were down for longer than anyone would have wanted. Now that we’re back up and running, we can share [...] (7 months ago, Nov 8, 2023, to Administrative)

Message Has 6 Replies:

Re: Update on November 3rd incident - BricksOfFaith (153)

[...] I sent one without issue through safari. (7 months ago, Nov 8, 2023, to Administrative)

Re: Update on November 3rd incident - Stellar (3546)

[...] Sent one just after seeing your message and mine worked fine! (7 months ago, Nov 8, 2023, to Administrative)

Re: Update on November 3rd incident - ralphs_bricks (2277)

[...] I was able to do a mass drive thru for my orders but individual drive thrus are still coming up as 403 Forbidden for me. (7 months ago, Nov 8, 2023, to Technical Issues)

Re: Update on November 3rd incident - Luxurybricks (2631)

[...] Same here, also when I try to change the order status (7 months ago, Nov 8, 2023, to Technical Issues)

Re: Update on November 3rd incident - BricksOfFaith (153)

[...] Been getting the same error when trying to send a quote… others with sending invoices (7 months ago, Nov 8, 2023, to Technical Issues)

Re: Update on November 3rd incident - CE_Uday

[...] Our team is aware of a few 403 Forbidden errors and they're working on correcting them. Thank you all for your continued patience. (7 months ago, Nov 9, 2023, to Technical Issues)

226 Messages in this Thread.
(Message tree supressed because there are more than 50 messages in this thread)
show message tree