After an excruciating several days of downtime due to a cyber-security incident, our beloved Bricklink is now back online!
The team at Bricklink has been hard at work to bring the site back, and everything is back to mostly normal!
As a precaution, as you log back in, you’ll receive a prompt to update your password, and it’s pleasing to see that they’ve enacted stronger password requirements. Hopefully, we’ll also get two-factor authentication down the road.
There is no evidence to suggest that your BrickLink account has been compromised. However, as a precaution we’re asking you to update your password. Please go to the BrickLink site and start the process of resetting your password by following the prompts during login.
In an email I received, I was also assured that my Bricklink account wasn’t compromised.
On Twitter, Bricklink have also posted that they’re back up, and are directing people to go to the Bricklink forums to learn more about what happened. Please send the Bricklink team a kind word of encouragement as they’ve been working tirelessly to get things back up and running.
Here’s the official message for those that can’t access the Bricklink forums. Thankfully, it seems that the main Bricklink database and systems weren’t compromised and that it was a few accounts that had been accessed, as well as acknowledging the issue: limited suspicious activity since mid-October, where unauthorized sellers were found offering products at huge discounts and fraudulently accepting payment from buyers
Update from Bricklink
Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we’ve further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
The key point is “…no evidence so far that our systems were compromised.”. It sounds like the ransom demand was opportunistic. It’s good to hear that Bricklink itself appears to remain secure. Bricklink did the right thing in their response and statement at the end.
Yaaaaaaaaaaaaay!!!!!
😀 😀 😀
This morning feels just like when some rando comes down the chimney and leaves you the best gift ever! 😀
Merry “Bricklink’s Back” Jay!