Seems like database problem at the moment, I'm getting some orders from other
shops in my order list.
Most of them are already handled and set to 'ready'. In all orders my
shop seems to be listed as seller, but I do not have any of the sets sold in
my inventory.
All orders have 17 september as date of order, and my last real order is from
the 14th.
Seems like database problem at the moment, I'm getting some orders from other
shops in my order list.
What???
Most of them are already handled and set to 'ready'. In all orders my
shop seems to be listed as seller, but I do not have any of the sets sold in
my inventory.
Did you carefully check your inventory, maybe you've got those sets, by mistake?
You could get hacked also. Is your password really difficult? Change it to something
HARD like qTbexoh8yvYp or whatever(s can't be obvious/dictionnary attacked.
You are correct, there are items in my store I didn't list at all, and my
email and password are changed. Strange is that I'm still able to access
my account on devices I was logged in previously.
For now I have closed my shop and will message all buyers once I figured out
how to change my password.
Seems like database problem at the moment, I'm getting some orders from other
shops in my order list.
Most of them are already handled and set to 'ready'. In all orders my
shop seems to be listed as seller, but I do not have any of the sets sold in
my inventory.
All orders have 17 september as date of order, and my last real order is from
the 14th.
Anyone else having these issues?
You do have the sets listed in your store as of today, check you storefront!
For now I did warn all buyers to not pay the invoice, closed the shop again and
emptied the inventory.
I will keep track on the shop tonight as I'm still able to access it.
Still strange that I still have access after they changed the password.
Well, Monday is in 12h for them (+ 8h or so before workday starts).
[…]
Still strange that I still have access after they changed the password.
“Keep me logged in” uses cookies and shared keys between your browser and the
server. The password is not used for that.
(Think of it like a stamp in a night club: your browser has the stamp on its
wrist, it can go out and come back without paying the entry fee again )
Not able to change my password or email, they changed both.
You can change your email adres here: https://www.bricklink.com/pref_email.asp
(via account info).
After that you should be able to use the “forgot my password” function to reset
your password.
I would do the password reset on a separate device, so you don’t loose your current
session by logging out.
Unfortunately you do need your password to change your email.
On the other hand you do not need your email to change your password.
This why I'm now stuck and it was possible to take over my shop without having
access to my email.
I hope Bricklink will make changing passwords a bit more difficult by adding
a email conformation.
In Selling, Ber_i writes:
In Selling, vijv writes:
Not able to change my password or email, they changed both.
You can change your email adres here: https://www.bricklink.com/pref_email.asp
(via account info).
After that you should be able to use the “forgot my password” function to reset
your password.
I would do the password reset on a separate device, so you don’t loose your current
session by logging out.
I've deleted the whole inventory and closed the shop again.
I notified all buyers and warned them to not pay.
It took me 3 hours to find out that the shop was taken over. If this would have
happened during a holiday or something, potential for bigger damage was there.
In total I received 12 orders of which 7 have confirmed to not have payed and
one did.
There was a total order value of aprox 7500 euro and 6000 euro has not been payed
yet. 1000 euro is still not clear. For now there is some damage, but most buyers
were clever enough to not pay to a Dutch seller with a Spanish bank account.
It looks like the biggest damage is the time it will cost to upload the whole
inventory again if all of this is solved.
Unfortunately you do need your password to change your email.
On the other hand you do not need your email to change your password.
Could you change your password then, since you don't need email to do it?
Then log in with email and password and change your email? That must have been
what the hacker did.
Unfortunately you do need your password to change your email.
On the other hand you do not need your email to change your password.
Could you change your password then, since you don't need email to do it?
Then log in with email and password and change your email? That must have been
what the hacker did.
No, because you do need your old password.
So password change: Only old password needed
Email change: email conformation and password needed.
Netherlands, Zeeland
France, Provence-Alpes-Côte d'Azur
Spain, Comunidad Valenciana
)
USA, New Jersey