November 3rd Incident

What happened to BrickLink

On Friday, November 3rd, we temporarily closed the BrickLink site due to unusual activity. Since then, our team worked diligently to make sure we reopened as soon as possible.

We’ve been aware of some isolated suspicious activity since mid-October and quickly worked to address it. As soon as we were aware of the potential escalation, we put the site into maintenance mode out of an abundance of caution to keep complete control of the platform while investigating. It is important to note that there is no evidence so far that our systems were compromised.

Our investigations so far suggest that a very small number of accounts may have been accessed by unauthorized individuals with data obtained outside our platform. At this stage we believe this was a ‘credential stuffing’ incident, where someone obtains lists of usernames and passwords from a third party, often illegally, and opportunistically tries to use them on a website.

To protect the integrity of our members as well as the BrickLink platform, we strongly advise all our members to practice good data security. Keep your systems up-to-date with the latest patches, use security software and create strong, unique passwords for each website you use.

FAQs

How do I regain access to my account?

All users are required to reset their passwords to log in. Accounts that may have been impacted will be required to go through additional security steps.

What measures is BrickLink taking to ensure a similar incident doesn’t happen in the future?

We’ve stepped up monitoring of unusual activity, informed people whose accounts or stores may have been impacted, and reminded people of ways they can make their accounts safer and more secure.

Although we know the BrickLink site was not breached, we've put additional safety measures in place. We take the safety of BrickLink and our members very seriously and will continue to step up security across the platform.

Will BrickLink be adding other account security like two-factor authentication and longer passwords?

At the moment, BrickLink hasn't updated our password requirements and does not support two-factor authentication. We'll continue to increase security on our platform and will communicate about any new security features as they become available.

Was any of our personal information like login credentials or payment details compromised?

For a relatively small number of accounts, data may have been accessed including names, email addresses, country of residence, billing and delivery addresses, order history, and phone numbers.

We DO NOT store credit card information on accounts so NO credit card details could have been accessed.

We've directly contacted people whose accounts may have been accessed. We’ve also notified relevant authorities.

Was any store inventory data lost due to this incident?

Only a handful of store accounts were accessed and in some cases store inventories were changed or deleted.

If you're a store owner, please check your inventory once you've regained access to your account. Contact us at bricklink@support.lego.com if you think there are any issues with your inventory.

How can I back up my seller inventory?

We recommend regularly backing up your store inventory. You can download your inventory as an XML file by going to your Store Inventory and clicking the Download button at the bottom of the page.

Should we update our passwords?

All users are required to reset their passwords when logging in.

Why isn't the password reset link working?

Are you sending the password reset link multiple times? If so, you will need to use the link in the most recent password reset email, as the reset link is regenerated each time you request it. It may take a few minutes to arrive in your inbox, so please be patient. If that does not work, you can contact us at bricklink@support.lego.com.

Did BrickLink pay the ransom?

No.

Why did I receive an invoice for seller fees on November 5th? Is this a legitimate invoice?

Yes, the invoice sellers received on November 5th is legitimate. These invoices are automated and were sent despite the site being in maintenance mode. Since payment could not be made while BrickLink was down, no stores will be penalized for non-payment due to this incident. We sent sellers an email regarding this matter later in the day on November 5th.

I placed an order before BrickLink went offline. How do I check my order status or request a refund?

We understand your concerns regarding your order. Now that BrickLink is back online, please contact the seller directly with any questions or concerns you may have regarding your order status. Please reach out to bricklink@support.lego.com if you have further questions.

I’m a seller and a buyer left me negative or neutral feedback because I could not fulfill their order while BrickLink was down. Can you assist with removing this feedback since it resulted from order processing and shipping delays that were out of our control?

If you received negative or neutral feedback due to orders not being fulfilled during this time, please contact bricklink@support.lego.com for assistance in removing it. Sellers could not send orders while the site was down and their store ratings should not be penalized as a result.

What will happen to orders placed before the incident that buyers did not receive?

If you believe you have made a purchase from a fraudulent seller, please reach out to bricklink@support.lego.com.

How does this issue affect the November 15th end date for the MOC Pop-Up Store pilot?

The end date of the MOC Pop-Up Store pilot will not change.

Is the LEGO Group assisting with the situation?

As BrickLink is owned by the LEGO Group, our colleagues across the company have been working with us to resolve the issue.

I work in IT. How can I help?

While we’ve got our own IT experts on the case, we appreciate the support of all our BrickLink community members, including IT and cyber security professionals. Thank you for the kind words and thinking of our team!