BrickLink, the unofficial on-line Lego elements market, is back online after a number of days of downtime on account of a cybersecurity incident that apparently focused some service provider accounts. The corporate mentioned it acquired a “menace and ransom demand” final Friday, presumably in regard to firm or person knowledge, main it to shut down the site “out of an abundance of warning.”
The location has been detecting “restricted suspicious exercise” since mid-October, the place unauthorized sellers fraudulently tried to gather cash by way of unrealistically discounted listings.
BrickLink says a “comparatively small” quantity of accounts might have been compromised however doesn’t see any proof that its methods have been breached. It says “credential stuffing” occurred, the place unhealthy actors enter compromised passwords from different sources to attempt to break into homeowners’ accounts on totally different websites.
Lego reviewer and blogger Jay Ong, who writes for Jay’s Brick Weblog, posted that they acquired a message from BrickLink that every one customers should change their passwords. Ong says they have been assured their BrickLink account was not compromised. Notably, BrickLink doesn’t but supply two-factor authentication, though it plans to sooner or later.