Discussion Forum: Thread 349666

Author: Admin_Russell
Posted: Nov 8, 2023 13:07
Subject: Update on November 3rd incident
Viewed: 4660 times
Topic: Administrative
Location: USA, California
Member Since: May 9, 2017
Contact Type: Admin

BrickLink Administrator

Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.

Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team
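
An added example, not part of the original post and not BrickLink's own tooling: one way a site operator could look for the credential-stuffing pattern described above in login logs and list the accounts that "may have been accessed". The log format, thresholds, addresses and usernames are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (assumed format: ISO timestamp, source IP,
# username, result). IPs are documentation ranges; usernames are made up.
SAMPLE_LOG = """\
2023-11-03T10:00:01 203.0.113.7 alice FAIL
2023-11-03T10:00:02 203.0.113.7 bob FAIL
2023-11-03T10:00:04 203.0.113.7 carol FAIL
2023-11-03T10:00:05 203.0.113.7 dave OK
2023-11-03T10:00:07 203.0.113.7 erin FAIL
2023-11-03T10:00:09 203.0.113.7 heidi FAIL
2023-11-03T10:02:00 198.51.100.20 grace FAIL
2023-11-03T10:02:10 198.51.100.20 grace FAIL
2023-11-03T10:02:30 198.51.100.20 grace OK
2023-11-03T10:05:00 192.0.2.55 ivan OK
2023-11-03T10:06:00 192.0.2.55 judy OK
"""


def parse(log):
    """Turn log text into (time, ip, user, succeeded) tuples."""
    events = []
    for line in log.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def stuffing_sources(events, window=timedelta(minutes=5),
                     min_users=5, max_success=0.25):
    """Flag IPs that try many distinct usernames in one window, mostly failing.

    Thresholds are illustrative assumptions and need tuning per site.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)
    flagged = set()
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            span = evs[start:end + 1]
            users = {e[2] for e in span}
            successes = sum(e[3] for e in span)
            if len(users) >= min_users and successes / len(span) <= max_success:
                flagged.add(ip)
                break
    return flagged


def accounts_to_review(events, sources):
    """Accounts with a successful login from a flagged source: the ones
    to notify and to reset."""
    return sorted({user for _, ip, user, ok in events if ok and ip in sources})


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    bad = stuffing_sources(evs)
    print("suspected stuffing sources:", sorted(bad))
    print("accounts to review:", accounts_to_review(evs, bad))
```

A single user mistyping a password (one username, several failures) and a shared address with two successful logins are both left alone; counting per source IP alone will miss attempts spread thinly across many addresses.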

Author: Nubs_Select (3381)
Posted: Nov 8, 2023 13:09
Subject: Re: Update on November 3rd incident
Viewed: 200 times
Topic: Administrative
Location: Canada, Ontario
Member Since: Mar 15, 2016
Contact Type: Seller
Store: Nub's Select

Thank you for the update!

Author: breesy (198)
Posted: Nov 8, 2023 20:44
Subject: Re: Update on November 3rd incident
Viewed: 86 times
Topic: Administrative
Location: Australia, Western Australia
Member Since: May 7, 2017
Contact Type: Buyer

In Administrative, Nubs_Select writes:

Thank you for the update!

A couple of thoughts:

1. Prioritise adding 2FA. The community has been calling for this for years.

2. It was pretty clear from the outset that this was likely a credential stuffing
incident, both because the attackers accessed mostly low feedback accounts, and
because Bricklink had zero defenses against such an attack.

3. Bricklink overreacted. I understand that the attackers were using these accounts
to post fake listings and scam buyers, and that required a more urgent response,
but a password reset would have sufficed rather than an extended period of downtime.

4. Bricklink needs to find a balance between executing on the promotional objectives
of Lego's marketing team (MOC shop, BDP, XP etc) with the actual needs of
buyers and sellers, who mostly just want a reliable, performant, and secure marketplace
to trade genuine Lego parts.

Thanks

Author: Khyron68 (22)
Posted: Nov 8, 2023 23:52
Subject: Re: Update on November 3rd incident
Viewed: 64 times
Topic: Administrative
Location: USA, Michigan
Member Since: Jan 12, 2020
Contact Type: Buyer

In Administrative, breesy writes:

In Administrative, Nubs_Select writes:

Thank you for the update!

A couple of thoughts:

1. Prioritise adding 2FA. The community has been calling for this for years.

2. It was pretty clear from the outset that this was likely a credential stuffing
incident, both because the attackers accessed mostly low feedback accounts, and
because Bricklink had zero defenses against such an attack.

3. Bricklink overreacted. I understand that the attackers were using these accounts
to post fake listings and scam buyers, and that required a more urgent response,
but a password reset would have sufficed rather than an extended period of downtime.

4. Bricklink needs to find a balance between executing on the promotional objectives
of Lego's marketing team (MOC shop, BDP, XP etc) with the actual needs of
buyers and sellers, who mostly just want a reliable, performant, and secure marketplace
to trade genuine Lego parts.

Thanks

Firstly "A couple" means 2 not 4

1. Agreed
2. You are ignoring the ransom threat.
3. YOU ARE IGNORING THE RANSOM THREAT. BL did NOT overreact. A password reset
would have solved 1 and only 1 of the issues. They clearly stated that they
shut down to investigate and should be commended, NOT chastised for it.
4. BL is a "reliable, performant and secure marketplace to trade Lego Parts."
Wish granted

Author: lostcarpark (229)
Posted: Nov 9, 2023 02:54
Subject: Re: Update on November 3rd incident
Viewed: 61 times
Topic: Administrative
Location: Ireland, Meath
Member Since: Dec 28, 2002
Contact Type: Seller
Store: LostCarPark

In Administrative, Khyron68 writes:

Firstly "A couple" means 2 not 4

1. Agreed
2. You are ignoring the ransom threat.
3. YOU ARE IGNORING THE RANSOM THREAT. BL did NOT overreact. A password reset
would have solved 1 and only 1 of the issues. They clearly stated that they
shut down to investigate and should be commended, NOT chastised for it.
4. BL is a "reliable, performant and secure marketplace to trade Lego Parts."
Wish granted

The announcement (probably wisely) does not give details of the ransom threat.

I, fairly regularly, receive ransom threats for sites I maintain. In general
they don't say anything more than "I've hacked your site. Send me
X Bitcoin or I will do something bad".

If a ransomer wants me to take their threat seriously, they need to include some
information that they couldn't know without having access to the website
internals. As I say we don't know what information the ransomer had.

As I don't run a global marketplace with millions of users, and the consequences
of a Ransomer carrying out any such threat would be much lower, I feel I can
safely ignore these threats.

I applaud Bricklink for taking quick and decisive action.

I do, however, encourage the introduction of 2FA.

Author: CE_Uday
Posted: Nov 9, 2023 13:56
Subject: Re: Update on November 3rd incident
Viewed: 50 times
Topic: Administrative
Location: USA, California
Member Since: Apr 4, 2023
Contact Type: Admin

BrickLink Administrator

In Administrative, lostcarpark writes:


I do, however, encourage the introduction of 2FA.

At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.

Author: Give.Me.A.Brick (10480)
Posted: Nov 9, 2023 03:53
Subject: Re: Update on November 3rd incident
Viewed: 66 times
Topic: Administrative
Location: Portugal
Member Since: Nov 25, 2002
Contact Type: Seller
Store: Give Me A Brick ϟ

In Administrative, Khyron68 writes:

Firstly "A couple" means 2 not 4

As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:

https://dictionary.cambridge.org/dictionary/english/couple

Author: popsicle (6557)
Posted: Nov 9, 2023 10:30
Subject: Re: Update on November 3rd incident
Viewed: 103 times
Topic: Administrative
Location: USA, Washington
Member Since: Feb 21, 2006
Contact Type: Seller
Store: ConstrucToys

In Administrative, Give.Me.A.Brick writes:


In Administrative, Khyron68 writes:

Firstly "A couple" means 2 not 4

As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:

https://dictionary.cambridge.org/dictionary/english/couple

I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning

Author: TorontoLego (5747)
Posted: Nov 9, 2023 11:26
Subject: Re: Update on November 3rd incident
Viewed: 60 times
Topic: Administrative
Location: Canada, Ontario
Member Since: Sep 19, 2008
Contact Type: Seller
Store: TORONTO BRICKS

I'm literally dying.

In Administrative, popsicle writes:


In Administrative, Give.Me.A.Brick writes:
In Administrative, Khyron68 writes:

Firstly "A couple" means 2 not 4

As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:

https://dictionary.cambridge.org/dictionary/english/couple

I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning

Author: popsicle (6557)
Posted: Nov 9, 2023 11:58
Subject: Re: Update on November 3rd incident
Viewed: 68 times
Topic: Administrative
Location: USA, Washington
Member Since: Feb 21, 2006
Contact Type: Seller
Store: ConstrucToys

In Administrative, TorontoLego writes:


I'm literally dying.

Not the intent - Just saying (Mitigating any potential charges to at
most 2nd degree manslaughter)

Signed: popsicle

In Administrative, popsicle writes:


In Administrative, Give.Me.A.Brick writes:
In Administrative, Khyron68 writes:

Firstly "A couple" means 2 not 4

As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:

https://dictionary.cambridge.org/dictionary/english/couple

I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning

Author: Give.Me.A.Brick (10480)
Posted: Nov 9, 2023 14:02
Subject: Re: Update on November 3rd incident
Viewed: 48 times
Topic: Administrative
Location: Portugal
Member Since: Nov 25, 2002
Contact Type: Seller
Store: Give Me A Brick ϟ

In Administrative, popsicle writes:


In Administrative, Give.Me.A.Brick writes:
In Administrative, Khyron68 writes:

Firstly "A couple" means 2 not 4

As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:

https://dictionary.cambridge.org/dictionary/english/couple

I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning

No no no.

On that sense, a couple is just and only 2.

My couple of cents, anyway

Author: popsicle (6557)
Posted: Nov 9, 2023 14:24
Subject: Re: Update on November 3rd incident
Viewed: 55 times
Topic: Administrative
Location: USA, Washington
Member Since: Feb 21, 2006
Contact Type: Seller
Store: ConstrucToys

In Administrative, Give.Me.A.Brick writes:


In Administrative, popsicle writes:
In Administrative, Give.Me.A.Brick writes:
In Administrative, Khyron68 writes:

Firstly "A couple" means 2 not 4

As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:

https://dictionary.cambridge.org/dictionary/english/couple

I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning

No no no.

On that sense, a couple is just and only 2.

My couple of cents, anyway

I know that you understand that. Just having some fun

The English language of all the world's major languages, is a wonderful playground
of sorts, with its massive vocabulary and seemingly endless exceptions to
its rules.

-Cory

Author: r0bb (34)
Posted: Nov 9, 2023 14:37
Subject: Re: Update on November 3rd incident
Viewed: 50 times
Topic: Administrative
Location: Netherlands, Drenthe
Member Since: Oct 13, 2021
Contact Type: Seller
Store: Cyberdyne Bricks

In Administrative, Give.Me.A.Brick writes:

My couple of cents, anyway

Wow, I don't think you ever offered anything for a couple of cents on here!

Author: TheBrickGuys (12840)
Posted: Nov 8, 2023 13:11
Subject: Re: Update on November 3rd incident
Viewed: 134 times
Topic: Administrative
Location: USA, California
Member Since: Dec 18, 2010
Contact Type: Seller
Store: TheBrickGuys

Thanks for working to get us back up and running quickly. It was surprising just
how much we depend on BrickLink, I felt literally lost at times without it so
thanks again.

Jim.

Author: Stuart9 (956)
Posted: Nov 8, 2023 13:16
Subject: Re: Update on November 3rd incident
Viewed: 86 times
Topic: Administrative
Location: United Kingdom, England
Member Since: Jul 22, 2012
Contact Type: Seller
Store: Top Slot

Thank you everyone at BL.

Author: Tracyd (392)
Posted: Nov 8, 2023 13:17
Subject: Re: Update on November 3rd incident
Viewed: 91 times
Topic: Administrative
Location: USA, Texas
Member Since: May 29, 2003
Contact Type: Seller
Store: Tracyd's

Thank you and great job on stopping the issue when it became apparent and finding
out what was impacted.

Author: 3001Bricks (2273)
Posted: Nov 8, 2023 13:21
Subject: Re: Update on November 3rd incident
Viewed: 68 times
Topic: Administrative
Location: USA, Arkansas
Member Since: Dec 30, 2015
Contact Type: Seller
Store: 3001Bricks

Thank you!

Author: jbricks (17853)
Posted: Nov 8, 2023 13:23
Subject: Re: November 3rd incident new safety features.
Viewed: 82 times
Topic: Administrative
Location: Netherlands, Gelderland
Member Since: Mar 5, 2009
Contact Type: Seller
Store: jbricks
