|
|
| | Author: | Admin_Russell | Posted: | Nov 8, 2023 13:07 | Subject: | Update on November 3rd incident | Viewed: | 5301 times | Topic: | Administrative | |
|
|
|
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
|
|
| | | | | |
| | | | Author: | Nubs_Select | Posted: | Nov 8, 2023 13:09 | Subject: | Re: Update on November 3rd incident | Viewed: | 218 times | Topic: | Administrative | |
|
| Thank you for the update! 🍕🍕🍕 |
|
| | | | | | | | | |
| | | | | | Author: | breesy | Posted: | Nov 8, 2023 20:44 | Subject: | Re: Update on November 3rd incident | Viewed: | 95 times | Topic: | Administrative | |
|
| In Administrative, Nubs_Select writes:
| Thank you for the update! 🍕🍕🍕
|
A couple of thoughts:
1. Prioritise adding 2FA. The community has been calling for this for years.
2. It was pretty clear from the outset that this was likely a credential stuffing
incident, both because the attackers accessed mostly low feedback accounts, and
because Bricklink had zero defenses against such an attack.
3. Bricklink overreacted. I understand that the attackers were using these accounts
to post fake listings and scam buyers, and that required a more urgent response,
but a password reset would have sufficed rather than an extended period of downtime.
4. Bricklink needs to find a balance between executing on the promotional objectives
of Lego's marketing team (MOC shop, BDP, XP etc) with the actual needs of
buyers and sellers, who mostly just want a reliable, performant, and secure marketplace
to trade genuine Lego parts.
Thanks
|
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | Khyron68 | Posted: | Nov 8, 2023 23:52 | Subject: | Re: Update on November 3rd incident | Viewed: | 77 times | Topic: | Administrative | |
|
| In Administrative, breesy writes:
| In Administrative, Nubs_Select writes:
| Thank you for the update! 🍕🍕🍕
|
A couple of thoughts:
1. Prioritise adding 2FA. The community has been calling for this for years.
2. It was pretty clear from the outset that this was likely a credential stuffing
incident, both because the attackers accessed mostly low feedback accounts, and
because Bricklink had zero defenses against such an attack.
3. Bricklink overreacted. I understand that the attackers were using these accounts
to post fake listings and scam buyers, and that required a more urgent response,
but a password reset would have sufficed rather than an extended period of downtime.
4. Bricklink needs to find a balance between executing on the promotional objectives
of Lego's marketing team (MOC shop, BDP, XP etc) with the actual needs of
buyers and sellers, who mostly just want a reliable, performant, and secure marketplace
to trade genuine Lego parts.
Thanks
|
Firstly "A couple" means 2 not 4
1. Agreed
2. You are ignoring the ransom threat.
3. YOU ARE IGNORING THE RANSOM THREAT. BL did NOT overreact. A password reset
would have solved 1 and only 1 of the issues. They clearly stated that they
shut down to investigate and should be commended, NOT chastised for it.
4. BL is a "reliable, performant and secure marketplace to trade Lego Parts."
Wish granted
|
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | lostcarpark | Posted: | Nov 9, 2023 02:54 | Subject: | Re: Update on November 3rd incident | Viewed: | 68 times | Topic: | Administrative | |
|
| In Administrative, Khyron68 writes:
| Firstly "A couple" means 2 not 4
1. Agreed
2. You are ignoring the ransom threat.
3. YOU ARE IGNORING THE RANSOM THREAT. BL did NOT overreact. A password reset
would have solved 1 and only 1 of the issues. They clearly stated that they
shut down to investigate and should be commended, NOT chastised for it.
4. BL is a "reliable, performant and secure marketplace to trade Lego Parts."
Wish granted
|
The announcement (probably wisely) does not give details of the ransom threat.
I, fairly regularly, receive ransom threats for sites I maintain. In general
they don't say anything more than "I've hacked your site. Send me
X Bitcoin or I will do something bad".
If a ransomer wants me to take their threat seriously, they need to include some
information that they couldn't know without having access to the website
internals. As I say we don't know what information the ransomer had.
As I don't run a global marketplace with millions of users, and the consequences
of a Ransomer carrying out any such threat would be much lower, I feel I can
safely ignore these threats.
I applaud Bricklink for taking quick and decisive action.
I do, however, encourage the introduction of 2FA.
|
|
|
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | Give.Me.A.Brick | Posted: | Nov 9, 2023 03:53 | Subject: | Re: Update on November 3rd incident | Viewed: | 77 times | Topic: | Administrative | |
|
| In Administrative, Khyron68 writes:
|
Firstly "A couple" means 2 not 4
|
As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:
https://dictionary.cambridge.org/dictionary/english/couple
|
|
| | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | Author: | popsicle | Posted: | Nov 9, 2023 10:30 | Subject: | Re: Update on November 3rd incident | Viewed: | 119 times | Topic: | Administrative | |
|
| In Administrative, Give.Me.A.Brick writes:
| In Administrative, Khyron68 writes:
|
Firstly "A couple" means 2 not 4
|
As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:
https://dictionary.cambridge.org/dictionary/english/couple
|
I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | Author: | TorontoLego | Posted: | Nov 9, 2023 11:26 | Subject: | Re: Update on November 3rd incident | Viewed: | 72 times | Topic: | Administrative | |
|
| I'm literally dying.
In Administrative, popsicle writes:
| In Administrative, Give.Me.A.Brick writes:
| In Administrative, Khyron68 writes:
|
Firstly "A couple" means 2 not 4
|
As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:
https://dictionary.cambridge.org/dictionary/english/couple
|
I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning
|
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | Author: | popsicle | Posted: | Nov 9, 2023 11:58 | Subject: | Re: Update on November 3rd incident | Viewed: | 77 times | Topic: | Administrative | |
|
| In Administrative, TorontoLego writes:
Not the intent - Just saying (Mitigating any potential charges to at
most 2nd degree manslaughter)
Signed: popsicle
|
In Administrative, popsicle writes:
| In Administrative, Give.Me.A.Brick writes:
| In Administrative, Khyron68 writes:
|
Firstly "A couple" means 2 not 4
|
As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:
https://dictionary.cambridge.org/dictionary/english/couple
|
I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning
|
|
|
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | Author: | Give.Me.A.Brick | Posted: | Nov 9, 2023 14:02 | Subject: | Re: Update on November 3rd incident | Viewed: | 67 times | Topic: | Administrative | |
|
| In Administrative, popsicle writes:
| In Administrative, Give.Me.A.Brick writes:
| In Administrative, Khyron68 writes:
|
Firstly "A couple" means 2 not 4
|
As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:
https://dictionary.cambridge.org/dictionary/english/couple
|
I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning
|
No no no.
In that sense, a couple is just and only 2.
My couple of cents, anyway
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | Author: | popsicle | Posted: | Nov 9, 2023 14:24 | Subject: | Re: Update on November 3rd incident | Viewed: | 75 times | Topic: | Administrative | |
|
| In Administrative, Give.Me.A.Brick writes:
| In Administrative, popsicle writes:
| In Administrative, Give.Me.A.Brick writes:
| In Administrative, Khyron68 writes:
|
Firstly "A couple" means 2 not 4
|
As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:
https://dictionary.cambridge.org/dictionary/english/couple
|
I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning
|
No no no.
In that sense, a couple is just and only 2.
My couple of cents, anyway
|
I know that you understand that. Just having some fun
The English language, of all the world's major languages, is a wonderful playground
of sorts, with its massive vocabulary and seemingly endless exceptions to
its rules.
-Cory
|
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | Author: | r0bb | Posted: | Nov 9, 2023 14:37 | Subject: | Re: Update on November 3rd incident | Viewed: | 158 times | Topic: | Administrative | |
|
| In Administrative, Give.Me.A.Brick writes:
| My couple of cents, anyway
|
Wow, I don't think you ever offered anything for a couple of cents on here!
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | Author: | A_Chicken | Posted: | Dec 17, 2023 00:37 | Subject: | Re: Update on November 3rd incident | Viewed: | 138 times | Topic: | Administrative | |
|
| *dies of cringe* |
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | | | Author: | SeaBRICKLin_213 | Posted: | Jan 2, 2024 20:15 | Subject: | Re: Update on November 3rd incident | Viewed: | 109 times | Topic: | Administrative | |
|
| In Administrative, A_Chicken writes:
For real dude. This forum may be too cringy.
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | | | | | Author: | 1001bricks | Posted: | Jan 2, 2024 20:59 | Subject: | Re: Update on November 3rd incident | Viewed: | 126 times | Topic: | Administrative | |
|
| In Administrative, SeaBRICKLin_213 writes:
| In Administrative, A_Chicken writes:
For real dude. This forum may be too cringy.
|
I must say, r0bb's reply here was really hilarious
https://www.bricklink.com/message.asp?ID=1438223
|
|
| | | | | | | | | |
| | | | | | Author: | Milann | Posted: | Feb 11, 2024 18:57 | Subject: | Re: Update on November 3rd incident | Viewed: | 104 times | Topic: | Administrative | |
|
| In Administrative, Nubs_Select writes:
| Thank you for the update! 🍕🍕🍕
|
|
|
| | | | | |
| | | | Author: | TheBrickGuys | Posted: | Nov 8, 2023 13:11 | Subject: | Re: Update on November 3rd incident | Viewed: | 145 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
Thanks for working to get us back up and running quickly. It was surprising just
how much we depend on BrickLink, I felt literally lost at times without it so
thanks again.
Jim.
|
|
|
| | | | | |
| | | | Author: | Stuart9 | Posted: | Nov 8, 2023 13:16 | Subject: | Re: Update on November 3rd incident | Viewed: | 99 times | Topic: | Administrative | |
|
| Thank you everyone at BL. 👍👏🙂
In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
|
|
|
| | | | | |
| | | | Author: | Tracyd | Posted: | Nov 8, 2023 13:17 | Subject: | Re: Update on November 3rd incident | Viewed: | 101 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
Thank you and great job on stopping the issue when it became apparent and finding
out what was impacted.
|
|
|
| | | | | |
| | | | Author: | 3001Bricks | Posted: | Nov 8, 2023 13:21 | Subject: | Re: Update on November 3rd incident | Viewed: | 84 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
Thank you!
|
|
|
| | | | | |
| | | | Author: | jbricks | Posted: | Nov 8, 2023 13:23 | Subject: | Re: November 3rd incident new safety features. | Viewed: | 95 times | Topic: | Administrative | |
|
| Good to see that there are new safety protocols with the login process.
Emails if new devices login,
Emails that you want to change your password.
That is very helpful for this case,
Although it took a very long time to be back up again, (waiting always looks
like ages and ages)
We are happy to see that this is taken seriously,
Happy shopping everyone,
|
|
| | | | | |
| | | | Author: | Admin_Russell | Posted: | Nov 8, 2023 13:23 | Subject: | Re: Update on November 3rd incident | Viewed: | 317 times | Topic: | Administrative | |
|
|
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
Here is an FAQ with more information:
https://www.bricklink.com/help.asp?helpID=2613
|
|
|
| | | | | | | | | |
| | | | | | Author: | zorbanj | Posted: | Nov 8, 2023 13:36 | Subject: | Re: Update on November 3rd incident | Viewed: | 82 times | Topic: | Administrative | |
|
| What a relief. Never realized how dependent I had become on BL until these past
few days. The BL Team handled this exceptionally well.
May I suggest adding an entry to the FAQ about how to backup inventory? In reading
the Reddit and the BL Facebook groups for updates these past few days I was surprised
at how many sellers didn't have backups.
In Administrative, Admin_Russell writes:
|
|
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | zorbanj | Posted: | Nov 9, 2023 13:30 | Subject: | Re: Update on November 3rd incident | Viewed: | 36 times | Topic: | Administrative | |
|
| Very nice, thanks for adding it!
In Administrative, CE_Uday writes:
| In Administrative, zorbanj writes:
| What a relief. Never realized how dependent I had become on BL until these past
few days. The BL Team handled this exceptionally well.
May I suggest adding an entry to the FAQ about how to backup inventory? In reading
the Reddit and the BL Facebook groups for updates these past few days I was surprised
at how many sellers didn't have backups.
|
Thank you!
There is an FAQ entry about how to back up your store inventory. We've updated
it with clearer instructions about how to download your inventory as an XML file
|
|
|
| | | | | |
| | | | Author: | macebobo | Posted: | Nov 8, 2023 13:23 | Subject: | Re: Update on November 3rd incident | Viewed: | 69 times | Topic: | Administrative | |
|
| Thank you Russell and team! |
|
| | | | | |
| | | | Author: | Zixx | Posted: | Nov 8, 2023 13:24 | Subject: | Re: Update on November 3rd incident | Viewed: | 56 times | Topic: | Administrative | |
|
| Thank you for all the behind the scenes work that many put in to the site to
get it back up and running.
Your hard work is truly appreciated!
|
|
| | | | | |
| | | | Author: | BigBBricks | Posted: | Nov 8, 2023 13:24 | Subject: | Re: Update on November 3rd incident | Viewed: | 109 times | Topic: | Administrative | |
|
| Thanks to you and the team for getting this turned back on quickly, given the
timing, it could have been much worse. And the offer to buy coffee for the team
still stands.
|
|
| | | | | | | | | |
| | | | | | Author: | BricksOfFaith | Posted: | Nov 8, 2023 13:31 | Subject: | (Cancelled) | Viewed: | 53 times | Topic: | Administrative | |
|
| (Cancelled) |
|
| | | | | |
| | | | Author: | ralphs_bricks | Posted: | Nov 8, 2023 13:31 | Subject: | Re: Update on November 3rd incident | Viewed: | 127 times | Topic: | Technical Issues | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
|
|
|
| | | | | | | | | |
| | | | | | Author: | BricksOfFaith | Posted: | Nov 8, 2023 13:32 | Subject: | Re: Update on November 3rd incident | Viewed: | 55 times | Topic: | Administrative | |
|
| In Administrative, ralphs_bricks writes:
|
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
|
I sent one without issue through safari.
|
|
| | | | | | | | | |
| | | | | | Author: | Stellar | Posted: | Nov 8, 2023 13:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 63 times | Topic: | Administrative | |
|
| In Administrative, ralphs_bricks writes:
|
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
|
Sent one just after seeing your message and mine worked fine!
|
|
|
| | | | | | | | | |
| | | | | | Author: | ralphs_bricks | Posted: | Nov 8, 2023 13:42 | Subject: | Re: Update on November 3rd incident | Viewed: | 71 times | Topic: | Technical Issues | |
|
| In Administrative, ralphs_bricks writes:
|
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
|
I was able to do a mass drive thru for my orders but individual drive thrus are
still coming up as 403 Forbidden for me.
|
|
|
| | | | | | | | | |
| | | | | | Author: | Luxurybricks | Posted: | Nov 8, 2023 14:24 | Subject: | Re: Update on November 3rd incident | Viewed: | 82 times | Topic: | Technical Issues | |
|
| In Technical Issues, ralphs_bricks writes:
|
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
|
Same here, also when I try to change the order status
|
|
|
| | | | | | | | | |
| | | | | | Author: | BricksOfFaith | Posted: | Nov 8, 2023 16:36 | Subject: | Re: Update on November 3rd incident | Viewed: | 97 times | Topic: | Technical Issues | |
|
| In Technical Issues, ralphs_bricks writes:
|
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
|
Been getting the same error when trying to send a quote… others with sending
invoices
|
|
| | | | | | |
| | | | Author: | MEAD_Bricks | Posted: | Nov 8, 2023 13:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 62 times | Topic: | Administrative | |
|
| Thank you! |
|
| | | | | |
| | | | Author: | WhiteHorseMatt | Posted: | Nov 8, 2023 13:35 | Subject: | Re: Update on November 3rd incident | Viewed: | 65 times | Topic: | Technical Issues | |
|
| Are there any plans to implement Two factor authentication for sign in following
the issues?
Matt
|
|
| | | | | | |
| | | | Author: | BricksOfFaith | Posted: | Nov 8, 2023 13:35 | Subject: | Re: Update on November 3rd incident | Viewed: | 43 times | Topic: | Administrative | |
|
| Thank you guys for everything you’ve done this week!! |
|
| | | | | |
| | | | Author: | LegendaryConch | Posted: | Nov 8, 2023 13:35 | Subject: | Re: Update on November 3rd incident | Viewed: | 51 times | Topic: | Administrative | |
|
| Thank you to everyone over at the Bricklink Team! Your hard work and dedication
are greatly appreciated. 🙏
|
|
| | | | | |
| | | | Author: | PlanetEarthToys | Posted: | Nov 8, 2023 13:36 | Subject: | (Cancelled) | Viewed: | 95 times | Topic: | Administrative | |
|
| (Cancelled) |
|
| | | | | | | | | |
| | | | | | Author: | rtzx9r | Posted: | Nov 8, 2023 13:40 | Subject: | (Cancelled) | Viewed: | 104 times | Topic: | Administrative | |
|
| (Cancelled) |
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | coevorden01 | Posted: | Nov 8, 2023 13:53 | Subject: | (Cancelled) | Viewed: | 53 times | Topic: | Administrative | |
|
| In Administrative, rtzx9r writes:
thxs !!!!
|
|
| | | | | | | | | |
| | | | | | Author: | DeLuca | Posted: | Nov 8, 2023 13:52 | Subject: | (Cancelled) | Viewed: | 44 times | Topic: | Administrative | |
|
| Huh?? |
|
| | | | | |
| | | | Author: | Averip | Posted: | Nov 8, 2023 13:37 | Subject: | Re: Update on November 3rd incident | Viewed: | 49 times | Topic: | Administrative | |
|
|
Thank you for the update, really appreciated !
|
|
|
| | | | | |
| | | | Author: | librarian | Posted: | Nov 8, 2023 13:37 | Subject: | Re: Update on November 3rd incident | Viewed: | 43 times | Topic: | Administrative | |
|
|
Thanks for the update.
Chip
|
|
|
| | | | | |
| | | | Author: | Steineflut | Posted: | Nov 8, 2023 13:37 | Subject: | Re: Update on November 3rd incident | Viewed: | 83 times | Topic: | Administrative | |
|
| Thank you all for the work you've done! I think many of us just realized
how much we rely on Bricklink for information.
I have one question and one comment though.
Has price guide info been deleted of orders that have been identified as fraudulent?
I'm sure you noticed how the "mood" in Facebook and other social
media changed for the better once you started communicating with your users.
PLEASE start communicating a lot more with the community.
Thanks again 👍
|
|
| | | | | | | | | | |
| | | | | | Author: | bricknovice | Posted: | Nov 8, 2023 14:01 | Subject: | Re: Update on November 3rd incident | Viewed: | 47 times | Topic: | Administrative | |
|
| In Administrative, Steineflut writes:
| Thank you all for the work you've done! I think many of us just realized
how much we rely on Bricklink for information.
I have one question and one comment though.
Has price guide info been deleted of orders that have been identified as fraudulent?
I'm sure you noticed how the "mood" in Facebook and other social
media changed for the better once you started communicating with your users.
PLEASE start communicating a lot more with the community.
Thanks again 👍
|
Thank you to the BrickLink team for working tirelessly through the long days
and nights to flush out the bad actors and get the site back up and running as
quickly as possible. Definitely missed the site the last few days and am so glad
to have it back up.
I second the request to ensure the fraudulent transactions have been removed
from the price guide.
Thanks again!
|
|
|
| | | | | | |
| | | | Author: | Stankec1983 | Posted: | Nov 8, 2023 13:39 | Subject: | Re: Update on November 3rd incident | Viewed: | 66 times | Topic: | Administrative | |
|
| Thank you! Cheers from Croatia! |
|
| | | | | |
| | | | Author: | Tuzi | Posted: | Nov 8, 2023 13:44 | Subject: | Re: Update on November 3rd incident | Viewed: | 59 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
....
|
Thank you for your hard work! I hope two-factor authentication will be added
soon to prevent this scenario from happening again
|
|
| | | | | | |
| | | | Author: | Jaabo | Posted: | Nov 8, 2023 13:45 | Subject: | Re: Update on November 3rd incident | Viewed: | 71 times | Topic: | Administrative | |
|
| Thank you very much!
|
|
|
|
| | | | | |
| | | | Author: | WonderlandToys | Posted: | Nov 8, 2023 13:48 | Subject: | Re: Update on November 3rd incident | Viewed: | 48 times | Topic: | Administrative | |
|
| Thanks to the entire bricklink team for getting the site back up and running! |
|
| | | | | |
| | | | Author: | Rob_and_Shelagh | Posted: | Nov 8, 2023 13:49 | Subject: | Re: Update on November 3rd incident | Viewed: | 56 times | Topic: | Administrative | |
|
| Dear Bricklink team,
Thanks to all who worked hard to restore the site and continue to support our
activities here, we really appreciate it!
Best regards,
Robert & Shelagh
Yellow Farm Bricks
|
|
| | | | | |
| | | | Author: | Familybuild | Posted: | Nov 8, 2023 13:51 | Subject: | Re: Update on November 3rd incident | Viewed: | 42 times | Topic: | Administrative | |
|
| Thank you for all the hard work.
And long hours needed to confront this head on.
great job you all.
|
|
| | | | | |
| | | | Author: | MAGICBRICKS | Posted: | Nov 8, 2023 13:51 | Subject: | Re: Update on November 3rd incident | Viewed: | 48 times | Topic: | Administrative | |
|
| So many thanks for your great work, safety eyes 👀 and I think we are all very
happy to have back this fantastic platform. And now…..SHOOOOOOOPPING 🤑🤑🤑
Sascha / MAGICBRICKS
|
|
| | | | | |
| | | | Author: | BubbaVonBraun | Posted: | Nov 8, 2023 13:51 | Subject: | Re: Update on November 3rd incident | Viewed: | 48 times | Topic: | Administrative | |
|
| Folks,
Kudos on handling this so well. As an IT professional I have worked a number
of these incidents.
Security incidents will happen, it's how the company responds to it that is vital
to protecting trust. Apart from the lack of communication initially, once you
took the wise step to go offline, your coms have been reasonable and I am sure
as a community we got the whole this is going to take some time.
Trust is such a uniquely human concept but how do we "prove" a system
can be trusted. It's a huge amount of work and you have done so well as a user
I am grateful for your hard work and the communication you provided as the incident
progressed.
You all deserve our thanks.
Best Regards
BvB.
|
|
| | | | | | |
| | | | Author: | Give.Me.A.Brick | Posted: | Nov 8, 2023 13:52 | Subject: | Re: Update on November 3rd incident | Viewed: | 71 times | Topic: | Administrative | |
|
| A huge THANK YOU Russell and everyone on the BrickLink Team!
We are very grateful for all the hard work and sleepless nights you all have
put to safely reopen this much missed site
All the best to Bricklink!
|
|
| | | | | |
| | | | Author: | DeLuca | Posted: | Nov 8, 2023 13:54 | Subject: | Re: Update on November 3rd incident | Viewed: | 55 times | Topic: | Administrative | |
|
| Thank you!! I was beginning to go into withdrawals over the lack of access to
the Catalog! 😬
|
|
| | | | | |
| | | | Author: | DeLuca | Posted: | Nov 8, 2023 13:54 | Subject: | Re: Update on November 3rd incident | Viewed: | 63 times | Topic: | Administrative | |
|
| Thank you!! I was beginning to go into withdrawals over the lack of access to
the Catalog! 😬
|
|
| | | | | |
| | | | Author: | jodawill | Posted: | Nov 8, 2023 14:01 | Subject: | Re: Update on November 3rd incident | Viewed: | 48 times | Topic: | Administrative | |
|
|
Thank you for doing your due diligence. I'm grateful you decided to take
the site offline so you could do a proper incident response.
Is there any chance we could get TOTP 2FA and longer passwords?
|
|
|
| | | | | | |
| | | | Author: | calebfishn | Posted: | Nov 8, 2023 14:01 | Subject: | Re: Update on November 3rd incident | Viewed: | 45 times | Topic: | Administrative | |
|
| Life support systems re-activated.
Thanks.
|
|
| | | | | |
| | | | Author: | BrickSteinBe | Posted: | Nov 8, 2023 14:03 | Subject: | Re: Update on November 3rd incident | Viewed: | 42 times | Topic: | Administrative | |
|
|
Thanks! Time for some well-deserved sleep for you
|
|
|
| | | | | | | | | | |
| | | | | | Author: | Nubs_Select | Posted: | Nov 8, 2023 14:10 | Subject: | Re: Update on November 3rd incident | Viewed: | 76 times | Topic: | Administrative | |
|
| |
|
| | | | | | | | | |
| | | | | | Author: | macebobo | Posted: | Nov 8, 2023 16:27 | Subject: | Re: Update on November 3rd incident | Viewed: | 81 times | Topic: | Administrative | |
|
| In Administrative, SylvainLS writes:
I was feeling the same way! I think I am addicted to love, er, Bricklink.
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | SylvainLS | Posted: | Nov 8, 2023 16:40 | Subject: | Re: Update on November 3rd incident | Viewed: | 70 times | Topic: | Administrative | |
|
| In Administrative, macebobo writes:
| In Administrative, SylvainLS writes:
I was feeling the same way! I think I am addicted to love, er, Bricklink.
|
And chocolate?
I need a 5th image: the site is back online!
|
|
| | | | | |
| | | | Author: | pineBRICKS | Posted: | Nov 8, 2023 14:04 | Subject: | Re: Update on November 3rd incident | Viewed: | 35 times | Topic: | Administrative | |
|
| Thank you Bricklink team for all your efforts! |
|
| | | | | |
| | | | Author: | Thoi4125 | Posted: | Nov 8, 2023 14:04 | Subject: | Re: Update on November 3rd incident | Viewed: | 46 times | Topic: | Administrative | |
|
| Thank you for being so transparent and proactive!
In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
|
|
| | | | | |
| | | | Author: | CE_Tanja | Posted: | Nov 8, 2023 14:05 | Subject: | Re: Update on November 3rd incident | Viewed: | 121 times | Topic: | Administrative | |
|
|
BrickLink ID Card: CE_Tanja | Location: USA, California | Member Since: Feb 17, 2021 | Type: Admin | BrickLink Administrator
| Thank you for all your kind thoughts!
For good reason we are currently experiencing a very high load on our systems
due to seller activity.
We understand that everyone is keen to get everything back in order so we have
temporarily paused the cart algorithm for the MOC Pop-up store to increase capacity.
|
|
|
|
| | | | | |
| | | | Author: | oaktree | Posted: | Nov 8, 2023 14:05 | Subject: | Re: Update on November 3rd incident | Viewed: | 70 times | Topic: | Administrative | |
|
| Many thanks to everyone at BrickLink for all the hard work of getting everything
back up and running for us!
|
|
|
|
| | | | | |
| | | | Author: | jonwil | Posted: | Nov 8, 2023 14:07 | Subject: | Re: Update on November 3rd incident | Viewed: | 47 times | Topic: | Administrative | |
|
| It would be really good if the site could implement (optional) support for some
form of 2-factor authentication (such as TOTP through an authenticator app or
maybe even hardware key support). Done correctly 2FA makes credential stuffing
and other similar hacks impossible.
|
|
| | | | | | |
| | | | Author: | CanadaFirst | Posted: | Nov 8, 2023 14:08 | Subject: | Re: Update on November 3rd incident | Viewed: | 60 times | Topic: | Administrative | |
|
| Thank you for the hard work your team put in, it's really appreciated! |
|
| | | | | |
| | | | Author: | CE_Tanja | Posted: | Nov 8, 2023 14:08 | Subject: | Re: Update on November 3rd incident | Viewed: | 127 times | Topic: | Administrative | |
|
|
| We are seeing a high number of Helpdesk tickets related to entering the site
due to added security measures. We will be looking into these, just giving everyone
impacted a heads up since we are not able to answer them all right away.
|
|
|
|
| | | | | |
| | | | Author: | cosmicray | Posted: | Nov 8, 2023 14:12 | Subject: | Re: Update on November 3rd incident | Viewed: | 51 times | Topic: | Administrative | |
|
|
Thank you to the entire team, for all the hard work and long hours!
Nita Rae
|
|
|
| | | | | |
| | | | Author: | Michaeld1983 | Posted: | Nov 8, 2023 14:13 | Subject: | Re: Update on November 3rd incident | Viewed: | 72 times | Topic: | Administrative | |
|
| Thanks team for getting everything back up. You have handled this situation with
care and speed. I appreciate your efforts and fortunately my store (and inventory)
remain intact. Cheers Mike
|
|
| | | | | |
| | | | Author: | DelsynsDroids | Posted: | Nov 8, 2023 14:15 | Subject: | Re: Update on November 3rd incident | Viewed: | 57 times | Topic: | Administrative | |
|
| Way to go team! We appreciate you! |
|
| | | | | |
| | | | Author: | BrickDeals | Posted: | Nov 8, 2023 14:21 | Subject: | Re: Update on November 3rd incident | Viewed: | 87 times | Topic: | Administrative | |
|
|
Why weren't all stores set to closed status until passwords were changed?
Makes it hard to tell which stores are active and which are not.
|
|
|
| | | | | | | | | | | | | | |
| | | | | | | | Author: | StreamyBrick | Posted: | Nov 10, 2023 03:02 | Subject: | Re: Update on November 3rd incident | Viewed: | 41 times | Topic: | Administrative | |
|
| In Administrative, CE_Uday writes:
| In Administrative, BrickDeals writes:
| Why weren't all stores set to closed status until passwords were changed?
Makes it hard to tell which stores are active and which are not.
|
We had not planned to close all seller stores. However, due to a delay in providing
access to accounts, we decided to close the remaining stores waiting for admin
help last night.
|
why do i keep getting this update your password message ?? already did that
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | StreamyBrick | Posted: | Nov 10, 2023 03:03 | Subject: | Re: Update on November 3rd incident | Viewed: | 67 times | Topic: | Administrative | |
|
| In Administrative, kdwykleingeld writes:
| In Administrative, CE_Uday writes:
| In Administrative, BrickDeals writes:
| Why weren't all stores set to closed status until passwords were changed?
Makes it hard to tell which stores are active and which are not.
|
We had not planned to close all seller stores. However, due to a delay in providing
access to accounts, we decided to close the remaining stores waiting for admin
help last night.
|
why do i keep getting this update your password message ?? already did that
|
we can assume that everyone who can access BL again has changed their password
since that was required, so no need for that message
|
|
| | | | | |
| | | | Author: | skazy | Posted: | Nov 8, 2023 14:25 | Subject: | Re: Update on November 3rd incident | Viewed: | 92 times | Topic: | Administrative | |
|
| Thank you for the BL team's big effort these last days! Good job.
|
|
|
|
| | | | | |
| | | | Author: | larvalrin | Posted: | Nov 8, 2023 14:29 | Subject: | Re: Update on November 3rd incident | Viewed: | 85 times | Topic: | Administrative | |
|
|
I can't believe how much I missed BrickLink. I can finally start my
little project!
|
|
|
| | | | | |
| | | | Author: | Luxurybricks | Posted: | Nov 8, 2023 14:32 | Subject: | Re: Update on November 3rd incident | Viewed: | 117 times | Topic: | Administrative | |
|
|
Many thanks to the BL team for all the effort.
Is it possible for the IT team to add the IP address to the e-mail login notice?
|
|
|
| | | | | | |
| | | | Author: | wahiggin | Posted: | Nov 8, 2023 14:51 | Subject: | Re: Update on November 3rd incident | Viewed: | 67 times | Topic: | Administrative | |
|
| Thank you for the steps taken to get our beloved site back up and working again. |
|
| | | | | |
| | | | Author: | MYLEGOBRICKS | Posted: | Nov 8, 2023 14:54 | Subject: | Re: Update on November 3rd incident | Viewed: | 78 times | Topic: | Administrative | |
|
| MANY THANKS FOR GETTING US BACK UP AND RUNNING.
GIVE YOURSELVES A WELL-DESERVED PAT ON THE BACK .....
|
|
| | | | | |
| | | | Author: | Harrisok12 | Posted: | Nov 8, 2023 15:03 | Subject: | Re: Update on November 3rd incident | Viewed: | 71 times | Topic: | Administrative | |
|
| Thanks for all your hard work. Great to see the site up again |
|
| | | | | |
| | | | Author: | KyleKatarn98 | Posted: | Nov 8, 2023 15:10 | Subject: | Re: Update on November 3rd incident | Viewed: | 60 times | Topic: | Administrative | |
|
| Great thanks for unlocking our favourite site!
|
|
|
|
| | | | | |
| | | | Author: | Debstarcrazy | Posted: | Nov 8, 2023 15:16 | Subject: | Re: Update on November 3rd incident | Viewed: | 50 times | Topic: | Administrative | |
|
|
So good to be back! Huge thanks and well done to all the team for getting us
back up and running again. Job well done. Go and get some sleep now people!
|
|
|
| | | | | |
| | | | Author: | Boy_Anachronism | Posted: | Nov 8, 2023 15:19 | Subject: | Re: Update on November 3rd incident | Viewed: | 67 times | Topic: | Administrative | |
|
| Thank you for all your work, it is very much appreciated! |
|
| | | | | |
| | | | Author: | welo999 | Posted: | Nov 8, 2023 15:21 | Subject: | Re: Update on November 3rd incident | Viewed: | 71 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
|
Thanks for taking care, even if it took a few days. Better safe than sorry!
|
|
| | | | | |
| | | | Author: | marjansmit | Posted: | Nov 8, 2023 15:30 | Subject: | Re: Update on November 3rd incident | Viewed: | 40 times | Topic: | Administrative | |
|
|
Thanks Team. You realise what you appreciate at the moment you do not have it
anymore. Keep up the good work!
MSB-Bricks
|
|
|
| | | | | |
| | | | Author: | steinzeugs | Posted: | Nov 8, 2023 15:31 | Subject: | Re: Update on November 3rd incident | Viewed: | 53 times | Topic: | Administrative | |
|
|
Good to see you back. A big THANK YOU for the quick fix!
|
|
|
| | | | | |
| | | | Author: | RutiFruti | Posted: | Nov 8, 2023 15:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 54 times | Topic: | Administrative | |
|
| Great to be back!! Many, many thanks Bricklink team for your work these days
and for keeping us posted!!
|
|
|
|
| | | | | |
| | | | Author: | tec | Posted: | Nov 8, 2023 15:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 91 times | Topic: | Administrative | |
|
| These have been 5 intense days, I imagine.
But in the end you did it.
Go admins!
Keep up the good work
|
|
| | | | | |
| | | | Author: | Lebostein | Posted: | Nov 8, 2023 15:47 | Subject: | Why password with 15 digits only? | Viewed: | 149 times | Topic: | Administrative | |
|
| 15 digits are a joke with regard to modern security recommendations |
|
| | | | | | | | | |
| | | | | | Author: | 1001bricks | Posted: | Nov 8, 2023 21:15 | Subject: | Re: Why password with 15 digits only? | Viewed: | 127 times | Topic: | Administrative | |
|
| In Administrative, Lebostein writes:
| 15 digits are a joke with regard to modern security recommendations
|
I don't think 15 digits are a joke.
(Partially got from the web...)
26 lowercase + 26 uppercase + 10 digits + around 10 special chars = 72 possible
chars
15 char pass = 72 ^15 = 7,244,150,201,408,990,671,659,859,968 possible passwords
If BL accepts around 200,000 attempts to login per second from the same client
(LOL), it'll take 229,710,495,985,825,427,183 years.
Of course that implies you don't use "TheBestPassword" (like me)
- but then almost whatever length won't change much when facing a dictionary
attack.
In short, I think 15 digits is already VERY fine - please be happy!
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | breesy | Posted: | Nov 8, 2023 21:21 | Subject: | Re: Why password with 15 digits only? | Viewed: | 76 times | Topic: | Administrative | |
|
| In Administrative, 1001bricks writes:
| In Administrative, Lebostein writes:
| 15 digits are a joke with regard to modern security recommendations
|
I don't think 15 digits are a joke.
(Partially got from the web...)
26 lowercase + 26 uppercase + 10 digits + around 10 special chars = 72 possible
chars
15 char pass = 72 ^15 = 7,244,150,201,408,990,671,659,859,968 possible passwords
If BL accepts around 200,000 attempts to login per second from the same client
(LOL), it'll take 229,710,495,985,825,427,183 years.
Of course that implies you don't use "TheBestPassword" (like me)
- but then almost whatever length won't change much when facing a dictionary
attack.
In short, I think 15 digits is already VERY fine - please be happy!
|
You're right, but password length restrictions do make me concerned about
WHY there is a length limitation.
If you're following best practices, you're storing salted password hashes,
in which case, there's no good reason to impose a length limitation (within
reason).
|
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | 1001bricks | Posted: | Nov 8, 2023 21:39 | Subject: | Re: Why password with 15 digits only? | Viewed: | 97 times | Topic: | Administrative | |
|
| | | I don't think 15 digits are a joke.
(Partially got from the web...)
26 lowercase + 26 uppercase + 10 digits + around 10 special chars = 72 possible
chars
15 char pass = 72 ^15 = 7,244,150,201,408,990,671,659,859,968 possible passwords
If BL accepts around 200,000 attempts to login per second from the same client
(LOL), it'll take 229,710,495,985,825,427,183 years.
Of course that implies you don't use "TheBestPassword" (like me)
- but then almost whatever length won't change much when facing a dictionary
attack.
In short, I think 15 digits is already VERY fine - please be happy!
|
You're right, but password length restrictions do make me concerned about
WHY there is a length limitation.
If you're following best practices, you're storing salted password hashes,
in which case, there's no good reason to impose a length limitation (within
reason).
|
Because of collisions in hashing, a short password can collide with a megabyte one,
so the longer does NOT mean it's safer.
And of course, hoping passwords aren't saved in 'plain text'... But
that's another question I won't discuss.
IMHO, as BrickLink has an old (and proud!) history of development, I guess there
are tens of tests on this maximum value a bit everywhere, and it's a completely
separate (and non-urgent) task, to find EVERY place where it's implemented
(and in various languages)...
|
|
|
| | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | Author: | breesy | Posted: | Nov 8, 2023 21:57 | Subject: | Re: Why password with 15 digits only? | Viewed: | 78 times | Topic: | Administrative | |
|
| Agree that random passwords above a certain length aren't more
secure, but allowing passwords with unconstrained length does suggest that they
are storing securely (by hashing it), rather than storing it plain/encoded/encrypted.
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | macebobo | Posted: | Nov 9, 2023 11:37 | Subject: | Re: Why password with 15 digits only? | Viewed: | 73 times | Topic: | Administrative | |
|
| In Administrative, breesy writes:
| You're right, but password length restrictions do make me concerned about
WHY there is a length limitation.
|
Indeed.
| If you're following best practices, you're storing salted password hashes,
in which case, there's no good reason to impose a length limitation (within
reason).
|
What I infer from the limitation, is that Bricklink MAY not be following best
practices here. And lord forbid that they are raw or "encrypted" in the
db. **Shudders**
https://xkcd.com/936/
|
|
|
| | | | | | | | | | | | | | |
| | | | | | | | Author: | sandman | Posted: | Nov 9, 2023 16:38 | Subject: | Re: Why password with 15 digits only? | Viewed: | 103 times | Topic: | Technical Issues | |
|
| In Administrative, CE_Uday writes:
| In Administrative, Lebostein writes:
| 15 digits are a joke with regard to modern security recommendations
|
The 15-character limit is an existing limitation on BrickLink passwords and has
not changed. However, we will continue to increase security on our platform and
will communicate about any new security features as they become available.
|
It seems like you can use more than 15 characters using the "Reset password"
function, which in turn breaks BrickStore that only accepts 15 characters (users
were confused in the past, so I added the same character limitation in BrickStore)
This would also make it impossible to later change the password on BL's account
info page...
See: https://github.com/rgriebl/brickstore/issues/787
Thanks for looking into this!
Robert
|
|
|
| | | | | | | | | |
| | | | | | Author: | godprobe | Posted: | Nov 12, 2023 22:44 | Subject: | Re: Why password with 15 digits only? | Viewed: | 54 times | Topic: | Administrative | |
|
| Especially after BrickLink had a security incident requiring everyone update
their passwords, I was definitely surprised to see this 15-char limitation.
It also tripped me up while changing my password on my PC (and using a password
manager). I noticed the number of asterisked characters didn't increase,
but thought that was a neat bit of password-length obfuscation.
Until I then tried logging in on another device, using the password I had saved
in my password manager. I couldn't log in.
Not because I had typed my password in incorrectly, but because BrickLink had
silently truncated my password. Also, if I recall correctly, the 15-character
limit is *not mentioned* when creating or updating your password. If it had
been, I'd still be disappointed, but at least I'd have a heads-up before
running into confusion.
The way I actually discovered the password was truncated was only because I elected
to have the browser store the password as I changed it and re-logged into BrickLink.
I was able to view the "right" password from there and get logged in
on my other device.
At the very least, pull up an error message when a person tries to input a longer
password. But ideally, yes, allow longer passwords. 256-char would be good for
a start.
(Thank you for the site -- this is my first time writing on the forum, and
I really do appreciate the existence of this place! Thank you for taking security
seriously and having the site down for as long as it took after the recent incident!)
|
|
|
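The silent truncation described in the post above, and the earlier point in this thread that salted hashes remove the storage reason for a short limit, as an added Python example (not BrickLink's code). The function names, the PBKDF2 parameters and the 256-character cap are assumptions for illustration, and the sample password is constructed.

```python
import hashlib
import hmac
import os

LEGACY_LIMIT = 15      # the limit discussed in this thread
MAX_LENGTH = 256       # cap suggested in the post above; an assumption, not a site setting
ITERATIONS = 200_000   # example PBKDF2 work factor; tune upward for your hardware


class PasswordTooLong(ValueError):
    """Raised instead of silently changing what the user typed."""


def hash_password(password, salt=None):
    """Return (salt, digest). The digest is 32 bytes whatever the password length."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(record, password):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, digest = record
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


# --- Behaviour reported in the thread: one form truncates, another does not ---
def legacy_change_form(password):
    """Stores only the first 15 characters and tells the user nothing."""
    return hash_password(password[:LEGACY_LIMIT])


def legacy_login(record, password):
    """Checks exactly what was typed, so it disagrees with the change form."""
    return verify(record, password)


# --- Consistent handling: one validation rule shared by every entry point ---
def validate(password):
    if len(password) > MAX_LENGTH:
        raise PasswordTooLong(
            f"password is {len(password)} characters; the limit is {MAX_LENGTH}"
        )
    return password


def set_password(password):
    """Never truncates: the password is stored as typed or rejected with an error."""
    return hash_password(validate(password))


def login(record, password):
    try:
        return verify(record, validate(password))
    except PasswordTooLong:
        return False   # an over-long input can never match a stored record


def demo():
    typed = "correct-horse-battery-staple-2023"            # constructed sample, 33 chars
    other = typed[:LEGACY_LIMIT] + "-a-different-ending"   # same first 15 characters
    legacy = legacy_change_form(typed)
    hardened = set_password(typed)
    return {
        # The password manager saved the full string; the site stored 15 characters.
        "legacy_full_password_login": legacy_login(legacy, typed),
        "legacy_truncated_login": legacy_login(legacy, typed[:LEGACY_LIMIT]),
        # Everything after character 15 contributed nothing to the stored secret.
        "legacy_suffix_ignored": legacy_login(
            legacy_change_form(other), typed[:LEGACY_LIMIT]
        ),
        "hardened_full_password_login": login(hardened, typed),
        # Storage cost does not grow with password length.
        "digest_lengths": (
            len(hash_password("short")[1]),
            len(hash_password("x" * MAX_LENGTH)[1]),
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same `validate` rule has to back every place a password is entered (change form, reset form, login, third-party clients), otherwise the mismatch between entry points reported in this thread reappears.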
| | | | | | | | | | | | | |
| | | | | | | | Author: | CE_Uday | Posted: | Nov 13, 2023 11:22 | Subject: | Re: Why password with 15 digits only? | Viewed: | 54 times | Topic: | Administrative | |
|
|
BrickLink ID Card: CE_Uday | Location: USA, California | Member Since: Apr 4, 2023 | Type: Admin | BrickLink Administrator
| In Administrative, godprobe writes:
| Especially after BrickLink had a security incident requiring everyone update
their passwords, I was definitely surprised to see this 15-char limitation.
It also tripped me up while changing my password on my PC (and using a password
manager). I noticed the number of asterisked characters didn't increase,
but thought that was a neat bit of password-length obfuscation.
Until I then tried logging in on another device, using the password I had saved
in my password manager. I couldn't log in.
Not because I had typed my password in incorrectly, but because BrickLink had
silently truncated my password. Also, if I recall correctly, the 15-character
limit is *not mentioned* when creating or updating your password. If it had
been, I'd still be disappointed, but at least I'd have a heads-up before
running into confusion.
The way I actually discovered the password was truncated was only because I elected
to have the browser store the password as I changed it and re-logged into BrickLink.
I was able to view the "right" password from there and get logged in
on my other device.
At the very least, pull up an error message when a person tries to input a longer
password. But ideally, yes, allow longer passwords. 256-char would be good for
a start.
(Thank you for the site -- this is my first time writing on the forum, and
I really do appreciate the existence of this place! Thank you for taking security
seriously and having the site down for as long as it took after the recent incident!)
|
Thank you for your feedback. The 15-character limit is mentioned on the password
reset page, but it is not displayed when you change your password on the "Account
Info" page.
|
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | Emptyhead1 | Posted: | Nov 13, 2023 14:46 | Subject: | Re: Why password with 15 digits only? | Viewed: | 35 times | Topic: | Administrative | |
|
| I was wondering this as well because it doesn't allow for very secure passwords. |
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | 1001bricks | Posted: | Nov 13, 2023 15:17 | Subject: | Re: Why password with 15 digits only? | Viewed: | 42 times | Topic: | Administrative | |
|
| In Administrative, thekillerrabbit writes:
| I was wondering this as well because it doesn't allow for very secure passwords.
|
Interesting to get advice on a 3-day-old account...
Not very secure? Please read:
https://www.bricklink.com/message.asp?ID=1437985
|
|
| | | | | |
| | | | Author: | McBricks | Posted: | Nov 8, 2023 15:51 | Subject: | Re: Update on November 3rd incident | Viewed: | 64 times | Topic: | Administrative | |
|
| Thanks Admin for your hard work and dedication! Greatly appreciated!!
In Administrative, Admin_Russell writes:
|
|
|
|
| | | | | |
| | | | Author: | chriselliottart | Posted: | Nov 8, 2023 15:52 | Subject: | Re: Update on November 3rd incident | Viewed: | 80 times | Topic: | Administrative | |
|
| Thank you for all your hard work to ensure the site's safety and continuity.
These things happen and I hope the team is getting some well-deserved rest soon!
In Administrative, Admin_Russell writes:
|
|
|
|
| | | | | |
| | | | Author: | v100Bricks | Posted: | Nov 8, 2023 16:05 | Subject: | Re: Update on November 3rd incident | Viewed: | 56 times | Topic: | Administrative | |
|
| Very full and informative response. Nothing wrong with an abundance of caution
so well done all concerned.
|
|
| | | | | |
| | | | Author: | LegoKingMaster | Posted: | Nov 8, 2023 16:12 | Subject: | Re: Update on November 3rd incident | Viewed: | 54 times | Topic: | Administrative | |
|
| Please add the ability for 2FA!
Thanks.
|
|
| | | | | | | | | | | | | | |
| | | | | | | | Author: | brickerking | Posted: | Nov 9, 2023 21:20 | Subject: | Re: Update on November 3rd incident | Viewed: | 54 times | Topic: | Administrative | |
|
| In Administrative, CE_Uday writes:
| In Administrative, LegoKingMaster writes:
| Please add the ability for 2FA!
Thanks.
|
At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
|
I know everyone's on a security kick right now, but 2FA is not wanted by
me, so no rush, thanks!
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | PlanetEarthToys | Posted: | Nov 9, 2023 21:21 | Subject: | Re: Update on November 3rd incident | Viewed: | 62 times | Topic: | Administrative | |
|
| In Administrative, brickerking writes:
| In Administrative, CE_Uday writes:
| In Administrative, LegoKingMaster writes:
| Please add the ability for 2FA!
Thanks.
|
At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
|
I know everyone's on a security kick right now, but 2FA is not wanted by
me, so no rush, thanks!
|
agreed, make it optional
|
|
| | | | | |
| | | | Author: | kreativsnail | Posted: | Nov 8, 2023 16:12 | Subject: | Re: Update on November 3rd incident | Viewed: | 82 times | Topic: | Administrative | |
|
| Thank you so much for getting this back up and running, and protecting our accounts. |
|
| | | | | |
| | | | Author: | Reki_Lobsheek | Posted: | Nov 8, 2023 16:26 | Subject: | Re: Update on November 3rd incident | Viewed: | 57 times | Topic: | Administrative | |
|
| Thanks for "nipping this in the bud" and prioritizing the platform's
security above all!
Erik
|
|
| | | | | |
| | | | Author: | EnchantedBricks | Posted: | Nov 8, 2023 16:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 66 times | Topic: | Administrative | |
|
| Huge shoutout to the Bricklink team for working on getting the site restored!!
Glad to be back... I almost had to interact with my family!!
|
|
| | | | | | | | | |
| | | | | | Author: | Nubs_Select | Posted: | Nov 8, 2023 16:35 | Subject: | Re: Update on November 3rd incident | Viewed: | 57 times | Topic: | Administrative | |
|
| | Glad to be back... I almost had to interact with my family!!
|
dodged a bullet!
|
|
| | | | | |
| | | | Author: | srawrats | Posted: | Nov 8, 2023 16:43 | Subject: | Re: Update on November 3rd incident | Viewed: | 76 times | Topic: | Administrative | |
|
| Thank you very very much for your great work! I can imagine, how hard your days
and nights were, I'm fighting also nearly every day against cyber crime etc.
coming from outside as IT specialist. Take a deep breath and be proud of yourself!
I'm glad Bricklink is back, loving this platform and was missing it so much...
Take care!!!
|
|
| | | | | |
| | | | Author: | Bizard_Bricks | Posted: | Nov 8, 2023 17:01 | Subject: | Re: Update on November 3rd incident | Viewed: | 66 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
|
A big thank you for your responsiveness and the titanic work you have just
accomplished.
|
|
|
| | | | | | | | | |
| | | | | | Author: | jmb1983 | Posted: | Nov 8, 2023 17:04 | Subject: | Re: Update on November 3rd incident | Viewed: | 115 times | Topic: | Administrative | |
|
| In Administrative, Bizard_Bricks writes:
| In Administrative, Admin_Russell writes:
|
A big thank you for your responsiveness and the titanic work you have just
accomplished.
|
Just wanted to extend my thanks and praise to the entire staff at BrickLink for
their perseverance and dedication on swiftly and promptly handling this situation.
I am very glad to see the site back up and running as it’s a daily interaction
and a part of my daily life.
|
|
|
| | | | | |
| | | | Author: | R0Sch | Posted: | Nov 8, 2023 18:02 | Subject: | Re: Update on November 3rd incident | Viewed: | 53 times | Topic: | Administrative | |
|
| Thanks for the efforts to bring back the site up and running again. It's
better not rushing things when it comes to security. Hope LEGO can introduce
2FA and longer passwords here as well so this doesn't happen again.
Cheers!
|
|
| | | | | | | | | |
| | | | | | Author: | studdouble | Posted: | Nov 8, 2023 21:53 | Subject: | Re: Update on November 3rd incident | Viewed: | 50 times | Topic: | Administrative | |
|
| they should skip 2FA and implement PASSKEYS |
|
| | | | | |
| | | | Author: | tvattima | Posted: | Nov 8, 2023 18:17 | Subject: | Re: Update on November 3rd incident | Viewed: | 48 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
Bricklink Team, as a software developer at a major financial institution, I can
empathize with this critical situation and the very long days the team must have
put in to restore the production system. I believe I speak for every Bricklink
User - Thank You!
|
|
| | | | | |
| | | | Author: | PurpleHeartNM | Posted: | Nov 8, 2023 18:18 | Subject: | Re: Update on November 3rd incident | Viewed: | 63 times | Topic: | Administrative | |
|
| I hope y'all get some rest after this. And I'm glad everyone was ok! |
|
| | | | | |
| | | | Author: | PabloVm | Posted: | Nov 8, 2023 18:21 | Subject: | Re: Update on November 3rd incident | Viewed: | 56 times | Topic: | Administrative | |
|
| Thanks!!!! |
|
| | | | | |
| | | | Author: | petozo | Posted: | Nov 8, 2023 18:27 | Subject: | Re: Update on November 3rd incident | Viewed: | 54 times | Topic: | Administrative | |
|
| Many thanks to the team for solving the problem
Business can continue
|
|
|
| | | | | |
| | | | Author: | KACL | Posted: | Nov 8, 2023 18:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 60 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
|
Thank you so much for all of your hard work and dedication to the BL community.
I really appreciated being kept in the loop while this was all going on. We really
do appreciate the team.
Karen
|
|
|
| | | | | |
| | | | Author: | UTLF | Posted: | Nov 8, 2023 18:39 | Subject: | (Cancelled) | Viewed: | 60 times | Topic: | Administrative | |
|
| (Cancelled) |
|
| | | | | |
| | | | Author: | pjf240 | Posted: | Nov 8, 2023 19:09 | Subject: | Re: Update on November 3rd incident | Viewed: | 65 times | Topic: | Administrative | |
|
| Thank you for the thorough (and relatively fast) response to this issue. Very
well handled, I would say.
|
|
| | | | | |
| | | | Author: | User1108202302 | Posted: | Nov 8, 2023 19:22 | Subject: | (Cancelled) | Viewed: | 116 times | Topic: | Administrative | |
|
| (Cancelled) |
|
| | | | | |
| | | | Author: | RickBrick74 | Posted: | Nov 8, 2023 19:45 | Subject: | Re: Update on November 3rd incident | Viewed: | 46 times | Topic: | Administrative | |
|
| Thank you! |
|
| | | | | |
| | | | Author: | The_Boyz_Bricks | Posted: | Nov 8, 2023 19:47 | Subject: | Re: Update on November 3rd incident | Viewed: | 76 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
|
Thank you Bricklink!!
|
|
|
| | | | | |
| | | | Author: | Jedi_Bob123 | Posted: | Nov 8, 2023 20:00 | Subject: | Re: Update on November 3rd incident | Viewed: | 66 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
|
Big thank you Bricklink team!!
|
|
|
| | | | | |
| | | | Author: | JediMasterKenob | Posted: | Nov 8, 2023 20:28 | Subject: | Re: Update on November 3rd incident | Viewed: | 61 times | Topic: | Administrative | |
|
| Great Job guys! It's good to see BL back online.
In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
|
|
|
| | | | | |
| | | | Author: | Swatson217 | Posted: | Nov 8, 2023 21:01 | Subject: | Re: Update on November 3rd incident | Viewed: | 63 times | Topic: | Administrative | |
|
| Thank you!!!
In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
|
|
|
| | | | | |
| | | | Author: | falling2pieces | Posted: | Nov 8, 2023 22:06 | Subject: | Re: Update on November 3rd incident | Viewed: | 54 times | Topic: | Administrative | |
|
| Thank you so very much for your hard work saving Bricklink! |
|
| | | | | |
| | | | Author: | Rookisa46 | Posted: | Nov 8, 2023 22:18 | Subject: | Re: Update on November 3rd incident | Viewed: | 58 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
Hey man, Thanks a ton!
|
|
|
| | | | | |
| | | | Author: | Mayaman | Posted: | Nov 8, 2023 22:38 | Subject: | Re: Update on November 3rd incident | Viewed: | 58 times | Topic: | Administrative | |
|
| Many thanks to the team for solving the problem
In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
|
|
|
| | | | | |
| | | | Author: | Prescribed_Brix | Posted: | Nov 8, 2023 22:56 | Subject: | Re: Update on November 3rd incident | Viewed: | 68 times | Topic: | Administrative | |
|
| Thanks for getting the site open to all again, but I do still have to complain
about the lack of communication and dearth of information posted on the only
accessible page.
This was only made more troubling when an invoice arrived by email - Was it real?
Was it a scam? How could the administrators of the site be so crass as to ask
for payment for a site that is down and not share anything else about the troubles?
That just makes me think of BrickLink TLG as greedy and out of touch.
Sorry to rant, but as in any relationship, good communication and finances are
the keys to keeping all parties happy, and neither were exhibited in this situation.
Chris
|
|
| | | | | | | | | |
| | | | | | Author: | BMan21 | Posted: | Nov 8, 2023 23:08 | Subject: | Re: Update on November 3rd incident | Viewed: | 73 times | Topic: | Administrative | |
|
| I think they did a good job keeping it open but I think I was left in the dark
about most of this.
|
|
| | | | | | | | | |
| | | | | | Author: | Nubs_Select | Posted: | Nov 8, 2023 23:28 | Subject: | Re: Update on November 3rd incident | Viewed: | 60 times | Topic: | Administrative | |
|
| For the fees thing it’s almost guaranteed an automated system and they may have
just never had a system in place that would prevent it from being sent and they
were focused fully on security so it likely never crossed their minds or if it
did they didn’t have time to address it
|
|
| | | | | | |
| | | | Author: | Shellfish_Sam | Posted: | Nov 8, 2023 23:27 | Subject: | Re: Update on November 3rd incident | Viewed: | 45 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
Appreciate your quick response and bold actions to resolve. A few days of downtime
isn't that big of a deal in the long run. This is an awesome site, and
hate to see anything bad happen. Take a deep breath and keep vigilant.
|
|
|
| | | | | |
| | | | Author: | Ash471 | Posted: | Nov 9, 2023 00:13 | Subject: | Re: Update on November 3rd incident | Viewed: | 50 times | Topic: | Administrative | |
|
| Thank you to you & the team - glad things are sorted & back on line.
In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
|
|
|
| | | | | |
| | | | Author: | dursagon | Posted: | Nov 9, 2023 00:30 | Subject: | Re: Update on November 3rd incident | Viewed: | 58 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
Thanks for your efforts. Those who don't know how situations like this are
played out in the tech support industry will always whine about how long it took
because they have no clue as to what people behind the scenes have to go through to
manage a security breach or threat. They don't get that investigating the
issue and finding a resolution takes time. Ignore those people and know your
efforts are appreciated.
Thanks again!
|
|
|
| | | | | |
| | | | Author: | Jelonek76 | Posted: | Nov 9, 2023 01:36 | Subject: | Re: Update on November 3rd incident | Viewed: | 80 times | Topic: | Administrative | |
|
| When are you going to introduce 2FA? |
|
| | | | | | | | | |
| | | | | | Author: | apple_brick | Posted: | Nov 9, 2023 02:19 | Subject: | Re: Update on November 3rd incident | Viewed: | 80 times | Topic: | Administrative | |
|
| In Administrative, Jelonek76 writes:
| When are you going to introduce 2FA?
|
For us and probably many other larger stores, 2FA will only work properly when
it's possible to create multiple users for one account. Otherwise it will
be a pain in the **s.
Regards,
AFOL Supply
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | SylvainLS | Posted: | Nov 9, 2023 02:26 | Subject: | Re: Update on November 3rd incident | Viewed: | 55 times | Topic: | Administrative | |
|
| In Administrative, apple_brick writes:
| In Administrative, Jelonek76 writes:
| When are you going to introduce 2FA?
|
For us and probably many other larger stores, 2FA will only work properly when
it's possible to create multiple users for one account. Otherwise it will
be a pain in the […].
|
I guess you’ll already be annoyed with the messages each time you use a new device
(And language please! Using ** instead of letters is no excuse )
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | StreamyBrick | Posted: | Nov 9, 2023 02:31 | Subject: | Re: Update on November 3rd incident | Viewed: | 54 times | Topic: | Administrative | |
|
| In Administrative, SylvainLS writes:
| In Administrative, apple_brick writes:
| In Administrative, Jelonek76 writes:
| When are you going to introduce 2FA?
|
For us and probably many other larger stores, 2FA will only work properly when
it's possible to create multiple users for one account. Otherwise it will
be a pain in the […].
|
I guess you’ll already be annoyed with the messages each time you use a new device
(And language please! Using ** instead of letters is no excuse )
|
Adding 2fa will be a logical way to increase security. Either GA based which
will create device dependency (and processes to reinitiate) or email (or even
sms) which will be less device dependent
|
|
| | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | Author: | StreamyBrick | Posted: | Nov 9, 2023 02:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 52 times | Topic: | Administrative | |
|
| In Administrative, kdwykleingeld writes:
| In Administrative, SylvainLS writes:
| In Administrative, apple_brick writes:
| In Administrative, Jelonek76 writes:
| When are you going to introduce 2FA?
|
For us and probably many other larger stores, 2FA will only work properly when
it's possible to create multiple users for one account. Otherwise it will
be a pain in the […].
|
I guess you’ll already be annoyed with the messages each time you use a new device
(And language please! Using ** instead of letters is no excuse )
|
Adding 2fa will be a logical way to increase security. Either GA based which
will create device dependency (and processes to reinitiate) or email (or even
sms) which will be less device dependent
|
Also - introduce required password change after some period of time ...
|
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | Author: | SylvainLS | Posted: | Nov 9, 2023 02:42 | Subject: | Re: Update on November 3rd incident | Viewed: | 51 times | Topic: | Administrative | |
|
| In Administrative, kdwykleingeld writes:
| […]
Also - introduce required password change after some period of time ...
|
The problem is that it’s the best way to have people use weak passwords: password1,
password2….
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | Author: | StreamyBrick | Posted: | Nov 9, 2023 02:45 | Subject: | Re: Update on November 3rd incident | Viewed: | 47 times | Topic: | Administrative | |
|
| In Administrative, SylvainLS writes:
| In Administrative, kdwykleingeld writes:
| […]
Also - introduce required password change after some period of time ...
|
The problem is that it’s the best way to have people use weak passwords: password1,
password2….
|
yes and combined with proper password rules (length / characters / special chars
/ no reuse etc etc
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | Author: | SylvainLS | Posted: | Nov 9, 2023 03:06 | Subject: | Re: Update on November 3rd incident | Viewed: | 48 times | Topic: | Administrative | |
|
| In Administrative, kdwykleingeld writes:
| In Administrative, SylvainLS writes:
| In Administrative, kdwykleingeld writes:
| […]
Also - introduce required password change after some period of time ...
|
The problem is that it’s the best way to have people use weak passwords: password1,
password2….
|
yes and combined with proper password rules (length / characters / special chars
/ no reuse etc etc
|
Humans are both lazy and industrious: they can work very hard to find ways around
more work
Example: the software may prevent using password2 after password1, but you can
use 2password, and then password3 and 4password…
In the end, you get a “gasworks”: lots of very annoying and ineffective rules
blocking good passwords and still allowing bad ones, even sometimes encouraging
the latter.
Not saying there shouldn’t be rules, just discussing/chatting on the difficulties
and despairing of human nature
I don’t know if you ever tried to discuss password policy with your less-computer
savvy friends and family
|
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | | | Author: | lostcarpark | Posted: | Nov 9, 2023 03:11 | Subject: | Re: Update on November 3rd incident | Viewed: | 86 times | Topic: | Administrative | |
|
| In Administrative, SylvainLS writes:
| In Administrative, kdwykleingeld writes:
| In Administrative, SylvainLS writes:
| In Administrative, kdwykleingeld writes:
| […]
Also - introduce required password change after some period of time ...
|
The problem is that it’s the best way to have people use weak passwords: password1,
password2….
|
yes and combined with proper password rules (length / characters / special chars
/ no reuse etc etc
|
Humans are both lazy and industrious: they can work very hard to find ways around
more work
|
Agreed. The best policy is generally to just keep a list of common passwords
and ensure that the password chosen isn't on that list.
Also encourage users to use a password manager that will generate a long random
password for each site, and track them for you.
|
|
|
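The two points made in this sub-thread, that rotation rules invite password1/2password variants and that a common-password list is the more useful check, can be combined in one validator. This is an added example, not code from the thread or from BrickLink; the tiny blocklist, the substitution table and the function names are assumptions, and it relies on the user supplying the current password during a change so that nothing is kept in plaintext.

```python
import re
import unicodedata

# Constructed sample list; a production list holds many thousands of entries
# plus site-specific words such as the service name.
COMMON_PASSWORDS = {
    "password", "qwerty", "letmein", "iloveyou", "welcome", "123456", "bricklink",
}

# Assumed, deliberately small table of look-alike substitutions.
LEET = str.maketrans({"@": "a", "0": "o", "$": "s", "3": "e"})

# Digits, punctuation and underscores at either end of the password.
EDGE_NON_LETTERS = re.compile(r"^[\W\d_]+|[\W\d_]+$")

COMMON = "on the common-password list"
VARIANT = "trivial variant of the current password"


def normalise(password):
    """Fold case and Unicode compatibility forms so look-alikes compare equal."""
    return unicodedata.normalize("NFKC", password).casefold()


def stem(password):
    """Reduce a password to its core word.

    Leading and trailing digits/punctuation are dropped first, then common
    substitutions are undone, so 'password1', '2password' and 'P@ssw0rd!'
    all reduce to 'password'.
    """
    core = EDGE_NON_LETTERS.sub("", normalise(password))
    return core.translate(LEET)


def check_new_password(new, current=None):
    """Return a list of reasons to reject `new`; an empty list means accept."""
    problems = []
    core = stem(new)
    if normalise(new) in COMMON_PASSWORDS or (core and core in COMMON_PASSWORDS):
        problems.append(COMMON)
    # `current` is the password typed into the change form, never a stored copy.
    if current is not None and core and core == stem(current):
        problems.append(VARIANT)
    return problems


if __name__ == "__main__":
    # The workaround sequence described in the thread, starting from 'password1'.
    for candidate in ["password2", "2password", "password3", "4password"]:
        print(candidate, "->", check_new_password(candidate, current="password1"))
    print("BlueHorse77 ->", check_new_password("BlueHorse77", current="bluehorse12"))
    print("kV9#tq2LmZ!x0pWd ->", check_new_password("kV9#tq2LmZ!x0pWd", current="password1"))
```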
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | 1001bricks | Posted: | Nov 9, 2023 11:25 | Subject: | Re: Update on November 3rd incident | Viewed: | 47 times | Topic: | Administrative | |
|
| In Administrative, SylvainLS writes:
| In Administrative, apple_brick writes:
| In Administrative, Jelonek76 writes:
| When are you going to introduce 2FA?
|
For us and probably many other larger stores, 2FA will only work properly when
it's possible to create multiple users for one account. Otherwise it will
be a pain in the […].
|
I guess you’ll already be annoyed with the messages each time you use a new device
|
YES!
Please BrickLink allow us to set it OFF in Settings.
Thank you.
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | breesy | Posted: | Nov 9, 2023 03:29 | Subject: | Re: Update on November 3rd incident | Viewed: | 53 times | Topic: | Administrative | |
|
| If they allow TOTP for 2FA, then you could share the QR code between your staff? |
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | jodawill | Posted: | Nov 10, 2023 09:42 | Subject: | Re: Update on November 3rd incident | Viewed: | 95 times | Topic: | Administrative | |
|
| In Administrative, apple_brick writes:
| In Administrative, Jelonek76 writes:
| When are you going to introduce 2FA?
|
For us and probably many other larger stores, 2FA will only work properly when
it's possible to create multiple users for one account. Otherwise it will
be a pain in the **s.
Regards,
AFOL Supply
|
If they use TOTP, add the code to a KeePass database and share it with your employees.
|
|
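The TOTP sharing suggested in the two replies above works because a code depends only on the shared secret and the clock, as this added RFC 6238 sketch shows (example code, not BrickLink's or any poster's; the function names and the replay policy are assumptions, and the secret is the RFC's published test key). It also shows the side effects: the server cannot tell staff members apart, and with replay protection a second login inside the same 30-second step is refused.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 test key, base32-encoded the way an enrolment QR code carries it.
SHARED_SECRET = base64.b32encode(b"12345678901234567890").decode()


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    key = base64.b32decode(secret_b32, casefold=True)
    return hotp(key, int(unix_time) // step, digits)


def verify(secret_b32, submitted, unix_time, last_counter, step=30, drift=1):
    """Server-side check.

    Accepts a code from the current step or `drift` steps either side, but
    only for a counter newer than the last accepted one (replay protection).
    Returns the accepted counter, or None if the code is rejected.
    """
    key = base64.b32decode(secret_b32, casefold=True)
    current = int(unix_time) // step
    for counter in range(max(0, current - drift), current + drift + 1):
        if counter <= last_counter:
            continue  # this time step was already used for a login
        expected = hotp(key, counter).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            return counter
    return None


def shared_login_demo(now=40):
    """Two staff devices enrolled from the same QR code log in seconds apart."""
    code_a = totp(SHARED_SECRET, now)       # staff member A's authenticator
    code_b = totp(SHARED_SECRET, now + 5)   # staff member B's authenticator
    first = verify(SHARED_SECRET, code_a, now, last_counter=-1)
    second = verify(SHARED_SECRET, code_b, now + 5, last_counter=first)
    return code_a, code_b, first, second


if __name__ == "__main__":
    a, b, first, second = shared_login_demo()
    print("device A:", a, "device B:", b)          # identical codes
    print("first login accepted at step:", first)
    print("second login in same step:", second)    # None: treated as a replay
```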
| | | | | | |
| | | | Author: | Angeli | Posted: | Nov 9, 2023 02:10 | Subject: | Re: Update on November 3rd incident | Viewed: | 49 times | Topic: | Administrative | |
|
| if we can help in any capacity, just ask
good luck
|
|
| | | | | |
| | | | Author: | Nessiah | Posted: | Nov 9, 2023 02:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 44 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
...
| Many thanks,
Your BrickLink Team
|
Now at the latest would be the time for mandatory 2FA for all members, something
that has long been called for and can ensure the security of accounts.
Otherwise: thank you that the site is finally back online and we can trade again.
|
|
| | | | | | | | | | | | | | |
| | | | | | | | Author: | tomaszpoliszuk | Posted: | Nov 10, 2023 19:00 | Subject: | Re: Update on November 3rd incident | Viewed: | 39 times | Topic: | Administrative | |
|
| In Administrative, CE_Uday writes:
| In Administrative, Nessiah writes:
| Now at the latest would be the time for mandatory 2FA for all members, something
that has long been called for and can ensure the security of accounts.
Otherwise: thank you that the site is finally back online and we can trade again.
|
At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
|
If/when you add 2FA please allow use of hardware authentication (such as YubiKey)
without need to use additional application (I had to say it since this is exactly
what GitHub did o_0).
Additionally please allow use of passwords longer than 15 characters.
|
|
|
| | | | | |
| | | | Author: | legoadam | Posted: | Nov 9, 2023 02:53 | Subject: | Re: Update on November 3rd incident | Viewed: | 35 times | Topic: | Administrative | |
|
| Thank you for your efforts IT & management team!
I was really upset that we might have some permanent damage but I'm glad
nothing worse happened.
|
|
| | | | | |
| | | | Author: | lostcarpark | Posted: | Nov 9, 2023 03:06 | Subject: | Re: Update on November 3rd incident | Viewed: | 40 times | Topic: | Administrative | |
|
| Well done on taking decisive action, and getting the site back to normal quickly.
I think getting users to reset passwords is a wise precaution.
I have two suggestions. There have been a lot of posts in this thread, and I
haven't read them all, so these may well have been covered.
1. Add Two-Factor Authentication (2FA). This is not difficult to do these days.
I'd suggest making it an opt-in feature for buyers, and mandatory for sellers.
2. Add explicit measures to protect against Cross Site Request Forgery (CSRF).
This is where your login token gets hijacked, and a fraudulent user continues
a session that has already been logged in. 2FA does not protect against this.
There are various measures that help protect against this, and I don't claim
to be an expert, but it would be a good idea to look into the possible attacks
and ensure that as many as possible are covered off.
|
|
|
| | | | | | | | | |
| | | | | | Author: | CE_Uday | Posted: | Nov 9, 2023 14:27 | Subject: | Re: Update on November 3rd incident | Viewed: | 61 times | Topic: | Administrative | |
|
|
BrickLink ID Card: CE_Uday | Location: USA, California | Member Since: Apr 4, 2023 | Type: Admin | BrickLink Administrator
|
| In Administrative, lostcarpark writes:
| Well done on taking decisive action, and getting the site back to normal quickly.
I think getting users to reset passwords is a wise precaution.
I have two suggestions. There have been a lot of posts in this thread, and I
haven't read them all, so these may well have been covered.
1. Add Two-Factor Authentication (2FA). This is not difficult to do these days.
I'd suggest making it an opt-in feature for buyers, and mandatory for sellers.
2. Add explicit measures to protect against Cross Site Request Forgery (CSRF).
This is where your login token gets hijacked, and a fraudulent user continues
a session that has already been logged in. 2FA does not protect against this.
There are various measures that help protect against this, and I don't claim
to be an expert, but it would be a good idea to look into the possible attacks
and ensure that as many as possible are covered off.
|
Thank you for the suggestions! At the moment, BrickLink does not support two-factor
authentication. However, we will continue to increase security on our platform
and will communicate about any new security features as they become available.
|
|
|
| | | | | |
| | | | Author: | rtjepsen | Posted: | Nov 9, 2023 04:48 | Subject: | Re: Update on November 3rd incident | Viewed: | 33 times | Topic: | Administrative | |
|
| Very happy to see the site back up again. While it did take quite a while to
work through, I felt it was necessary to conduct a thorough check of the system
for any virus, Trojan horses, or anything else that could have been left. Thankfully
the main system wasn't breached or the down time could have been a lot longer.
I did miss the site while it was down, couldn't get my BL fix!
|
|
| | | | | |
| | | | Author: | Nordbart | Posted: | Nov 9, 2023 05:09 | Subject: | Re: Update on November 3rd incident | Viewed: | 53 times | Topic: | Administrative | |
|
| That was certainly exciting for the wrong reasons.
Glad you're back.
nordbart
|
|
| | | | | |
| | | | Author: | Teup | Posted: | Nov 9, 2023 05:17 | Subject: | Re: Update on November 3rd incident | Viewed: | 90 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
|
Can you be more specific here: Does this mean 2FA or not?
So it turns out the 'hacker's comment that 2FA wouldn't save us was
indeed bluff. It very much would have saved us. So is Bricklink going
to prevent this from happening again? I hope 2FA will be put in place before
the devs are going to be put through another series of sleepless nights...
|
|
| | | | | | | | | | | | | | | |
| | | | | | | | Author: | Teup | Posted: | Nov 9, 2023 16:48 | Subject: | Re: Update on November 3rd incident | Viewed: | 80 times | Topic: | Administrative | |
|
| In Administrative, CE_Uday writes:
| In Administrative, Teup writes:
| Can you be more specific here: Does this mean 2FA or not?
So it turns out the 'hacker's comment that 2FA wouldn't save us was
indeed bluff. It very much would have saved us. So is Bricklink going
to prevent this from happening again? I hope 2FA will be put in place before
the devs are going to be put through another series of sleepless nights...
|
At this time, we can't comment on specific security measures in development.
However, we will communicate about any new security features as they become available.
|
Thanks for the reply. I hope it will include 2FA or something else that in this
case would have prevented the outage. Both for the team and the sellers'/buyers'
sake.
|
|
|
| | | | | |
| | | | Author: | TrevithickLego | Posted: | Nov 9, 2023 07:24 | Subject: | Re: Update on November 3rd incident | Viewed: | 82 times | Topic: | Administrative | |
|
| Dear Bricklink team and Admins, thank you very much for the great work and your
efforts after the terrible disaster on Friday. Personally, I no longer believed
that Bricklink would be online again this year. I was afraid of not coping with
the difficulties I had after the shut down. Thank you so much for your hard work
and solving this problem. All the best for the future.
Respectfully
Nick
In Administrative, Admin_Russell writes:
| […]
|
|
|
|
| | | | | |
| | | | Author: | evaizzo12345 | Posted: | Nov 9, 2023 08:58 | Subject: | Re: Update on November 3rd incident | Viewed: | 68 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| […]
|
Thank you for all your hard work to get us back up and running.
|
|
|
| | | | | |
| | | | Author: | dcarmine | Posted: | Nov 9, 2023 12:32 | Subject: | Re: Update on November 3rd incident | Viewed: | 56 times | Topic: | Administrative | |
|
| Thank you so much for your work! Thank you for your communication throughout!
Well done!!!
Donna
|
|
| | | | | |
| | | | Author: | Juniti | Posted: | Nov 9, 2023 14:46 | Subject: | Re: Update on November 3rd incident | Viewed: | 52 times | Topic: | Administrative | |
|
| Thanks, guys. But you should allow longer passwords and add 2FA (at least as
an option).
Otherwise I'm happy the site's running again and nothing reeeally bad
happened.
Imagine haxx0rs who don't want money and just erase everything without warning.
Increase your safety and take this as a warning.
In Administrative, Admin_Russell writes:
| […]
|
|
|
|
| | | | | | |
| | | | Author: | Volumex2 | Posted: | Nov 9, 2023 15:38 | Subject: | Re: Update on November 3rd incident | Viewed: | 69 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| […]
|
All good.. let’s hope next time there is a swift recovery!
|
|
|
| | | | | |
| | | | Author: | braun | Posted: | Nov 9, 2023 17:57 | Subject: | Re: Update on November 3rd incident | Viewed: | 104 times | Topic: | Administrative | |
|
| Thanks for keeping us posted, though I know we always want more information than
is available or than there's time to lay out. I've been a bit wary of
reopening next season, so I'm glad some measures are in place. 2FA (or more)
would be helpful, but of course I'm glad to see more notices of logins, etc.
If fees must climb a wee bit to get ahead of a more serious attack than this
opportunistic mess, I get it.
|
|
| | | | | |
| | | | Author: | a67sm | Posted: | Nov 9, 2023 22:07 | Subject: | Re: Update on November 3rd incident | Viewed: | 86 times | Topic: | Administrative | |
|
| Thank you!
Please do prioritize 2FA and a real secure implementation, not just the email
or phone number verification but a cryptographically generated OTP option, and
preferably one that allows us to use any provider we want rather than just Symantec
as many larger corporations have done. This would be game changing for individual
account security.
In Administrative, Admin_Russell writes:
| […]
|
|
|
|
| | | | | | | | | | | | | | |
| | | | | | | | Author: | Bricks4cheap | Posted: | Nov 11, 2023 13:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 56 times | Topic: | Administrative | |
|
| In Administrative, CE_Uday writes:
| In Administrative, a67sm writes:
| Thank you!
Please do prioritize 2FA and a real secure implementation, not just the email
or phone number verification but a cryptographically generated OTP option, and
preferably one that allows us to use any provider we want rather than just Symantec
as many larger corporations have done. This would be game changing for individual
account security.
|
We will continue to increase security on our platform and will communicate about
any new security features as they become available
|
Thanks for working hard to secure the site and for restoring it without any inventory
issues. As many have stated, 2FA would be a great feature to protect sellers
against malicious attacks. I see some stores with so many unique parts and I'd
assume it could take thousands of hours to restore these lots manually.
|
|
|
| | | | | |
| | | | Author: | spielwarenFrick | Posted: | Nov 10, 2023 12:24 | Subject: | Re: Update on November 3rd incident | Viewed: | 60 times | Topic: | Administrative | |
|
| 👍 👍 👍 👍 👍 👍 👍 👍 👍 👍 |
|
| | | | | |
| | | | Author: | Jack06 | Posted: | Nov 10, 2023 16:20 | Subject: | Re: Update on November 3rd incident | Viewed: | 68 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| […]
|
I never knew that Bricklink was down until now. Great work, Bricklink admin.
|
|
|
| | | | | |
| | | | Author: | drouu | Posted: | Nov 10, 2023 18:09 | Subject: | Re: Update on November 3rd incident | Viewed: | 64 times | Topic: | Administrative | |
|
| is there a technical reason for limiting passwords to 15 characters?
and if so, please don't whatever that is.
|
|
| | | | | | | | | |
| | | | | | Author: | drouu | Posted: | Nov 10, 2023 18:18 | Subject: | Re: Update on November 3rd incident | Viewed: | 66 times | Topic: | Administrative | |
|
| In Administrative, drouu writes:
| is there a technical reason for limiting passwords to 15 characters?
and if so, please don't whatever that is.
|
i'll add to this, if there is a char(15) database column for storing plain-text
or triple-rot-13 passwords, i am going to delete my account right now.
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | 1001bricks | Posted: | Nov 10, 2023 19:14 | Subject: | Re: Update on November 3rd incident | Viewed: | 58 times | Topic: | Administrative | |
|
| In Administrative, drouu writes:
| In Administrative, drouu writes:
| is there a technical reason for limiting passwords to 15 characters?
and if so, please don't whatever that is.
|
i'll add to this, if there is a char(15) database column for storing plain-text
or triple-rot-13 passwords, i am going to delete my account right now.
|
But it also could be a char(16) column for the 0 final!
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | Nubs_Select | Posted: | Nov 10, 2023 19:32 | Subject: | Re: Update on November 3rd incident | Viewed: | 75 times | Topic: | Administrative | |
|
| In Administrative, 1001bricks writes:
| In Administrative, drouu writes:
| In Administrative, drouu writes:
| is there a technical reason for limiting passwords to 15 characters?
and if so, please don't whatever that is.
|
i'll add to this, if there is a char(15) database column for storing plain-text
or triple-rot-13 passwords, i am going to delete my account right now.
|
But it also could be a char(16) column for the 0 final!
|
column limits recently had me very confused and I lost a lot of time
due to a column that was too small
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | yorbrick | Posted: | Nov 10, 2023 19:24 | Subject: | Re: Update on November 3rd incident | Viewed: | 62 times | Topic: | Administrative | |
|
| | i'll add to this, if there is a char(15) database column for storing plain-text
or triple-rot-13 passwords, i am going to delete my account right now.
|
Bricklink would increase the security factor by one level and go for quadruple-rot13
instead!
|
|
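drouu's question about the 15-character cap and a possible char(15) column comes down to how passwords are stored. The following is an added example, not BrickLink code (nothing on this page says how BrickLink stores passwords): a salted scrypt record has the same length for any password, so the column width never has to limit what users type. All names and parameters are assumptions chosen for the illustration, and `legacy_char15_store` is a hypothetical stand-in for the feared plain-text column.

```python
import base64
import hashlib
import hmac
import os
import unicodedata

MAX_PASSWORD_BYTES = 1024            # generous cap, only to bound hashing cost
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
KEY_LEN, SALT_LEN = 32, 16


def legacy_char15_store(password: str) -> str:
    """Hypothetical weak design: plain text cut to fit a char(15) column."""
    return password[:15]


def _encode(password: str) -> bytes:
    # Normalise so the same typed password yields the same bytes on any device.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    if not data or len(data) > MAX_PASSWORD_BYTES:
        raise ValueError("password must be 1..%d bytes" % MAX_PASSWORD_BYTES)
    return data


def _derive(data: bytes, salt: bytes, n: int, r: int, p: int) -> bytes:
    return hashlib.scrypt(data, salt=salt, n=n, r=r, p=p,
                          dklen=KEY_LEN, maxmem=64 * 1024 * 1024)


def hash_password(password: str) -> str:
    """Return a self-describing record: scheme$N$r$p$salt$key."""
    salt = os.urandom(SALT_LEN)
    key = _derive(_encode(password), salt, SCRYPT_N, SCRYPT_R, SCRYPT_P)
    return "$".join([
        "scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(key).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    try:
        scheme, n, r, p, salt_b64, key_b64 = record.split("$")
        if scheme != "scrypt":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(key_b64)
        actual = _derive(_encode(password), salt, int(n), int(r), int(p))
    except ValueError:
        # Malformed record, bad base64, bad parameters or out-of-range input.
        return False
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    long_pw = "correct horse battery staple " * 5
    for pw in ("hunter2", long_pw):
        print(len(pw), "chars ->", len(hash_password(pw)), "stored chars")
    # The truncating design treats these two different passwords as equal.
    print(legacy_char15_store(long_pw)
          == legacy_char15_store(long_pw[:15] + "something else"))
```

The 1024-byte cap exists only to bound the cost of hashing a single request; it is not a storage constraint.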
| | | | | |
| | | | Author: | afolantman | Posted: | Nov 12, 2023 03:48 | Subject: | Re: Update on November 3rd incident | Viewed: | 66 times | Topic: | Administrative | |
|
| Many thanks! Did just change my password. Pls try adding 2FA options for further
securing our accounts.
Kind regards
Alex
|
|
| | | | | | |
| | | | Author: | avrolijk | Posted: | Nov 13, 2023 00:41 | Subject: | Re: Update on November 3rd incident | Viewed: | 73 times | Topic: | Administrative | |
|
| Thank you for the update and the good care! |
|
| | | | | |
| | | | Author: | stripes | Posted: | Nov 13, 2023 15:05 | Subject: | Re: Update on November 3rd incident | Viewed: | 56 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| […]
|
As a long time Bricklink member, please for the love of god please please please
prioritize two factor authentication. This is dumb for 2023, especially since
Lego Corp owns this site.
|
|
|
| | | | | | | | | |
| | | | | | Author: | yorbrick | Posted: | Nov 13, 2023 15:28 | Subject: | Re: Update on November 3rd incident | Viewed: | 36 times | Topic: | Administrative | |
|
| | As a long time Bricklink member, please for the love of god please please please
prioritize two factor authentication. This is dumb for 2023, especially since
Lego Corp owns this site.
|
LEGO don't have 2FA on their website either.
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | 1001bricks | Posted: | Nov 13, 2023 15:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 41 times | Topic: | Administrative | |
|
| In Administrative, yorbrick writes:
| | As a long time Bricklink member, please for the love of god please please please
prioritize two factor authentication. This is dumb for 2023, especially since
Lego Corp owns this site.
|
LEGO don't have 2FA on their website either.
|
And neither my bank BNP/Paribas nor PayPal.
I wonder why a platform selling LEGO would have.
Many of us use third party software (BrickStore..) or APIs - and me, at least, I
simply HATE 2FA. More security, less liberty.
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | SylvainLS | Posted: | Nov 13, 2023 15:37 | Subject: | Re: Update on November 3rd incident | Viewed: | 48 times | Topic: | Administrative | |
|
| In Administrative, 1001bricks writes:
| […]
| LEGO don't have 2FA on their website either.
|
And neither my bank BNP/Paribas nor PayPal.
|
My bank(s) (SG & Bourso) sometimes do MFA (SMS + e-mail)… but not at every login.
And the passwords are 6 or 8 digits (true digits here, no letters, no punctuation,
perfect size for your birthday or (the end of) your telephone number).
| I wonder why a platform selling LEGO would have.
Many of us use third party software (BrickStore..) or APIs - and me, at least, I
simply HATE 2FA. More security, less liberty.
|
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | ErwinNL | Posted: | Nov 13, 2023 15:47 | Subject: | Re: Update on November 3rd incident | Viewed: | 45 times | Topic: | Administrative | |
|
| In Administrative, 1001bricks writes:
| In Administrative, yorbrick writes:
| | As a long time Bricklink member, please for the love of god please please please
prioritize two factor authentication. This is dumb for 2023, especially since
Lego Corp owns this site.
|
LEGO don't have 2FA on their website either.
|
And neither my bank BNP/Paribas nor PayPal.
I wonder why a platform selling LEGO would have.
Many of us use third party software (BrickStore..) or APIs - and me, at least, I
simply HATE 2FA. More security, less liberty.
|
PayPal for sure has TFA, you just don't have it enabled.
I am fine with LEGO/BrickLink adding TFA as long as it is optional.
|
|
| | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | Author: | Llewyn | Posted: | Nov 17, 2023 07:35 | Subject: | Re: Update on November 3rd incident | Viewed: | 53 times | Topic: | Administrative | |
|
| In Administrative, ErwinNL writes:
| PayPal for sure has TFA, you just don't have it enabled.
I am fine with LEGO/BrickLink adding TFA as long as it is optional.
|
lego.com already has optional 2FA, though it's somewhat meaningless as it's
only email based. Must admit I'd entirely forgotten Paypal's was optional;
I simply can't understand why anyone who understands the problem would want
it disabled.
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | randyf | Posted: | Nov 13, 2023 17:35 | Subject: | Re: Update on November 3rd incident | Viewed: | 49 times | Topic: | Administrative | |
|
| In Administrative, 1001bricks writes:
| In Administrative, yorbrick writes:
| | As a long time Bricklink member, please for the love of god please please please
prioritize two factor authentication. This is dumb for 2023, especially since
Lego Corp owns this site.
|
LEGO don't have 2FA on their website either.
|
And neither my bank BNP/Paribas nor PayPal.
I wonder why a platform selling LEGO would have.
Many of us use third party software (BrickStore..) or APIs - and me, at least, I
simply HATE 2FA. More security, less liberty.
|
Yep. I always wonder why people scream for 2FA/MFA like it is the answer to everything.
I have accounts with more than a dozen financial institutions, and only two or
three of them use 2FA/MFA and it is a hassle every damn time. Not all of us in
the world want to use it or want to see it added to every single site that we
come into contact with. Why would I want 2FA/MFA on BrickLink when my PayPal
account that all transactions here go through doesn't even use it? Absolutely
bonkers.
|
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | yorbrick | Posted: | Nov 13, 2023 17:59 | Subject: | Re: Update on November 3rd incident | Viewed: | 53 times | Topic: | Administrative | |
|
| In Administrative, 1001bricks writes:
| In Administrative, yorbrick writes:
| | As a long time Bricklink member, please for the love of god please please please
prioritize two factor authentication. This is dumb for 2023, especially since
Lego Corp owns this site.
|
LEGO don't have 2FA on their website either.
|
And neither my bank BNP/Paribas nor PayPal.
I wonder why a platform selling LEGO would have.
Many of us use third party software (BrickStore..) or APIs - and me, at least, I
simply HATE 2FA. More security, less liberty.
|
I have 2FA on PayPal, but supposedly only on new login devices. But it seems
to forget my main tablet way too frequently, very annoying if I forget my phone.
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | Llewyn | Posted: | Nov 17, 2023 07:38 | Subject: | Re: Update on November 3rd incident | Viewed: | 55 times | Topic: | Administrative | |
|
| In Administrative, yorbrick writes:
| LEGO don't have 2FA on their website either.
|
They do. It's optional, and only email based, but it's been there for
a year or so.
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | yorbrick | Posted: | Nov 17, 2023 09:16 | Subject: | Re: Update on November 3rd incident | Viewed: | 54 times | Topic: | Administrative | |
|
| In Administrative, Llewyn writes:
| In Administrative, yorbrick writes:
| LEGO don't have 2FA on their website either.
|
They do. It's optional, and only email based, but it's been there for
a year or so.
|
If it is email based, then bricklink also already has a similar 2FA-style alternative.
Set the password to be a completely random string of 15 digits and letters and
log in. Then each time you want to log in, use the forget password setting to
have a new code sent to your email. Cracking a 62^15 password is unlikely and
if you change the password every time you log in, then if anyone does manage
to get your password unless they change it quickly then it will soon be changed.
|
|
| | | | | |
| | | | Author: | legokopen | Posted: | Nov 13, 2023 15:09 | Subject: | Re: Update on November 3rd incident | Viewed: | 53 times | Topic: | Administrative | |
|
| Dear team,
Thank you for the update and fixing things!
Take care,
Jelle
|
|
| | | | | |
| | | | Author: | Darkhunter07 | Posted: | Nov 13, 2023 22:10 | Subject: | change my name? | Viewed: | 66 times | Topic: | Administrative | |
|
| hello, hope you don't mind me asking an admin this
but i would like to change my name but i get an error
|
|
| | | | | |
| | | | Author: | brickpopz | Posted: | Nov 15, 2023 02:04 | Subject: | Re: Update on November 3rd incident | Viewed: | 71 times | Topic: | Administrative | |
|
| Was it checked that members' emails and passwords (details) were accessed and
potentially used for "credential stuffing" on other websites?
Best Regards
In Administrative, Admin_Russell writes:
| […]
|
|
|
|
| | | | | |
| | | | Author: | mbootsman | Posted: | Nov 17, 2023 10:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 65 times | Topic: | Administrative | |
|
| Thanks for the update.
Please add 2FA asap to further enhance user and platform security.
|
|
| | | | | |
| | | | Author: | Almere_Bricks | Posted: | Nov 19, 2023 08:40 | Subject: | Re: Update on November 3rd incident | Viewed: | 82 times | Topic: | Administrative | |
|
| Please handle the feedback removal fast, as promised. Waiting 4 days and no response
on the removal or ticket. How much damage do we as a store need to take before you guys
help??
|
|
|
|
| | | | | | | | | | |
| | | | | | Author: | qwertyboy | Posted: | Nov 19, 2023 10:53 | Subject: | Re: Update on November 3rd incident | Viewed: | 72 times | Topic: | Administrative | |
|
| In Administrative, Almere_Bricks writes:
| Please handle the feedback removal fast, as promised. Waiting 4 days and no response
on the removal or ticket. How much damage do we as a store need to take before you guys
help??
|
Honestly, looking at your FB, I don't think the Nov 3 incident is your main
issue.
Niek.
|
|
| | | | | |
| | | | Author: | flintlockfreddy | Posted: | Nov 20, 2023 04:41 | Subject: | Re: Update on November 3rd incident | Viewed: | 43 times | Topic: | Administrative | |
|
| Hello Bricklink Team,
I already changed my PW after the incident but I keep getting the warning.
How do I get rid of that?
|
|
| | | | | | | | | |
| | | | | | Author: | yorbrick | Posted: | Nov 20, 2023 05:14 | Subject: | Re: Update on November 3rd incident | Viewed: | 56 times | Topic: | Administrative | |
|
| In Administrative, flintlockfreddy writes:
| Hello Bricklink Team,
I already changed my PW after the incident but I keep getting the warning.
How do I get rid of that?
|
It seems to pop up fairly randomly when logging in. Just close the box and ignore
it.
|
|
| | | | | |
| | | | Author: | LegoMiniGuy | Posted: | Nov 22, 2023 14:12 | Subject: | Re: Update on November 3rd incident | Viewed: | 111 times | Topic: | Administrative | |
|
| Thanks for that update. I work on authentication flows for a very large tech
company. One of the best things that Bricklink could do to improve security dramatically,
while easing the cognitive load on users around creating and remembering passwords
(which can be attacked fairly simply) would be to set up a WebAuthn server to
allow users to ditch passwords completely in favor of passkeys, which are unphishable
(there's nothing to remember), can't be shared, and use public-private
cryptographic key pairs to authenticate. It's a bit of work, but at the end
of the day, it's where the entire tech space is heading now that they are
available from Google, Apple and will be rolled out in Q1 on Microsoft.
Thanks,
-M
|
|
|
|
| | | | | |
| | | | Author: | thebrickshow | Posted: | Dec 3, 2023 14:30 | Subject: | Re: Update on November 3rd incident | Viewed: | 53 times | Topic: | Administrative | |
|
| So at what point do you reply to my emails asking if you are going to credit
me for the $750 order I placed to a seller I thought was legit that your system
did not protect me from? You have been ignoring those emails. I already did a
chargeback through my bank and they declined it saying the purchase was authorized.
Please advise.
|
|
|
|
| | | | | |
| | | | Author: | LK7 | Posted: | Dec 6, 2023 09:52 | Subject: | Re: Update on November 3rd incident | Viewed: | 49 times | Topic: | Administrative | |
|
| Hello, I changed my password 3 times, because this pop-up window came up every time
I went to BL
|
|
| | | | | | | | | |
| | | | | | Author: | Nubs_Select | Posted: | Dec 6, 2023 12:34 | Subject: | Re: Update on November 3rd incident | Viewed: | 43 times | Topic: | Administrative | |
|
| In Administrative, LK7 writes:
| Hello, I changed my password 3 times, because this pop-up window came up every time
I went to BL
|
You should be able to just ignore it if you're talking about the modal that just
recommends it
|
|
| | | | | |
| | | | Author: | peeledpeas | Posted: | Dec 10, 2023 14:39 | Subject: | Re: Update on November 3rd incident | Viewed: | 81 times | Topic: | Administrative | |
|
The site keeps bugging me to update my password but I have already done that
after the incident. It's a very strong password generated by Google. How
can I stop the annoying popup?
|
|
|
| | | | | | | | | |
| | | | | | Author: | Nubs_Select | Posted: | Dec 11, 2023 00:18 | Subject: | Re: Update on November 3rd incident | Viewed: | 104 times | Topic: | Administrative | |
|
| | The site keeps bugging me to update my password but I have already done that
after the incident. It's a very strong password generated by Google. How
can I stop the annoying popup?
|
I did it once through the popup then hit the x button for several days and then
it stopped. Haven't had it in weeks so perhaps try that
|
|
| | | | | |
| | | | Author: | Thibaultmol | Posted: | Jan 23, 2024 10:09 | Subject: | Re: Update on November 3rd incident | Viewed: | 100 times | Topic: | Administrative | |
|
| Just letting you know, I'm still getting the popup. But I just now created
the account... so..
|
|
|
|
|