A cybersecurity attack on LEGO-owned website BrickLink may have compromised user security. Users have been prompted to change passwords and check their anti-virus.
BrickLink is a site set up by LEGO to allow users to buy, sell, and trade LEGO parts, sets, and minifigures. It has become a huge success, and many fans rely on it to complete collections or get obscure parts for elaborate custom builds.
Now users of the site have been warned to re-set their passwords after a cyberattack on the site.
An explanation came via the official LEGO forums, where the security team told users that it was “actively managing” some suspicious activity that has been going on since mid-October.
It seems someone had managed to gain access to some seller accounts, and was selling valuable LEGO items at what are said to be massive discounts, and ‘fraudulently accepting payments from buyers’.
Security breach and ransomware threats
According to the FAQ subsequently released, only a handful of Store accounts were accessed, and in some cases, store inventory was changed or deleted.
Subscribe to our newsletter for the latest updates on Esports, Gaming and more.
Only a very small number of accounts are known to be affected. The post from admin clarified that there was no evidence of the system being breached, and they believed that someone had obtained a database of usernames and passwords and were testing them on the BrickLink until they hit upon a login that worked. This practice is sometimes referred to as ‘credential stuffing’.
Sometime after the beginning of the fraudulent activity, LEGO received a threat and a ransom demand. LEGO’s security team promptly shut down the site as a precautionary measure.
LEGO has not provided further information on the full nature of this ransomware threat, so it is presently unknown what the attackers were asking for, or how much money they were demanding.
LEGO has now brought BrickLink back online. Though LEGO has introduced improved security measures, users of the BrickLink site are still being encouraged to change their passwords and perform basic security checks such as anti-virus scans.