  
| Author: | stripes  | | Posted: | Nov 13, 2023 15:05 | | Subject: | Re: Update on November 3rd incident | | Viewed: | 56 times | | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| | Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
As a long time Bricklink member, please for the love of god please please please
prioritize two factor authentication. This is dumb for 2023, especially since
Lego Corp owns this site.
|
|
Message is in Reply To:  Update on November 3rd incident - Admin_Russell | Dear BrickLink members, Welcome back and thank you for your patience. We were down for longer than anyone would have wanted. Now that we’re back up and running, we can share [...]
(7 months ago, Nov 8, 2023, to Administrative) |
Message Has 1 Reply: 226 Messages in this Thread.
(Message tree supressed because there are more than 50 messages in this thread)
show message tree
Entire thread on one page
This message and all its replies on one page
|
|
USA, Colorado
