Popular Lego marketplace went offline after a ‘ransom’ demand

Popular Lego marketplace went offline after a ‘ransom’ demand
Share on facebook
Share on twitter
Share on pinterest

BrickLink, an online Lego parts marketplace owned by Lego, is back online after several days of downtime due to a cybersecurity incident that apparently targeted some merchant accounts. The company said it received a “threat and ransom demand” last Friday, presumably in regard to company or user data, leading it to shut down the site “out of an abundance of caution.”

The site has been detecting “limited suspicious activity” since mid-October, where unauthorized sellers fraudulently attempted to collect money through unrealistically discounted listings.

BrickLink says a “relatively small” amount of accounts may have been compromised but does not see any evidence that its systems were breached. It says “credential stuffing” occurred, where bad actors input compromised passwords from other sources to try to break into owners’ accounts on different sites.

Lego reviewer and blogger Jay Ong, who writes for Jay’s Brick Blog, posted that they received a message from BrickLink that all users must change their passwords. Ong says they were assured their BrickLink account was not compromised. Notably, BrickLink does not yet offer two-factor authentication, although it plans to in the future.

Correction November 8th, 8:43PM ET: BrickLink is owned by Lego; we previously called it an unofficial marketplace. We regret the error.


Subscribe to our Newsletter

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Share this post with your friends

Share on facebook
Share on google
Share on twitter
Share on linkedin

Leave a Reply

Your email address will not be published. Required fields are marked *