Discussion Forum: Thread 349666

 Author: Admin_Russell View Messages Posted By Admin_Russell
 Posted: Nov 8, 2023 13:07
 Subject: Update on November 3rd incident
 Viewed: 5494 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Admin_Russell

Location:  USA, California
Member Since Contact Type Status
May 9, 2017 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team
 Author: Nubs_Select View Messages Posted By Nubs_Select
 Posted: Nov 8, 2023 13:09
 Subject: Re: Update on November 3rd incident
 Viewed: 219 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Nubs_Select (4310)

Location:  Canada, Ontario
Member Since Contact Type Status
Mar 15, 2016 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Nub's Select
Thankyou for the update! 🍕🍕🍕
 Author: 917679 View Messages Posted By 917679
 Posted: Nov 8, 2023 20:44
 Subject: Re: Update on November 3rd incident
 Viewed: 95 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

917679 (264)

Location:  Australia, Western Australia
Member Since Contact Type Status
May 7, 2017 Contact Member Buyer
Buying Privileges - OK
In Administrative, Nubs_Select writes:
  Thankyou for the update! 🍕🍕🍕

A couple of thoughts:

1. Prioritise adding 2FA. The community has been calling for this for years.

2. It was pretty clear from the outset that this was likely a credential stuffing
incident, both because the attackers accessed mostly low feedback accounts, and
because Bricklink had zero defenses against such an attack.

3. Bricklink overreacted. I understand that the attackers were using these accounts
to post fake listings and scam buyers, and that required a more urgent response,
but a password reset would have sufficed rather than an extended period of downtime.

4. Bricklink needs to find a balance between executing on the promotional objectives
of Lego's marketing team (MOC shop, BDP, XP etc) with the actual needs of
buyers and sellers, who mostly just want a reliable, performant, and secure marketplace
to trade genuine Lego parts.

Thanks
 Author: Khyron68 View Messages Posted By Khyron68
 Posted: Nov 8, 2023 23:52
 Subject: Re: Update on November 3rd incident
 Viewed: 77 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Khyron68 (27)

Location:  USA, Michigan
Member Since Contact Type Status
Jan 12, 2020 Contact Member Buyer
Buying Privileges - OK
In Administrative, breesy writes:
  In Administrative, Nubs_Select writes:
  Thankyou for the update! 🍕🍕🍕

A couple of thoughts:

1. Prioritise adding 2FA. The community has been calling for this for years.

2. It was pretty clear from the outset that this was likely a credential stuffing
incident, both because the attackers accessed mostly low feedback accounts, and
because Bricklink had zero defenses against such an attack.

3. Bricklink overreacted. I understand that the attackers were using these accounts
to post fake listings and scam buyers, and that required a more urgent response,
but a password reset would have sufficed rather than an extended period of downtime.

4. Bricklink needs to find a balance between executing on the promotional objectives
of Lego's marketing team (MOC shop, BDP, XP etc) with the actual needs of
buyers and sellers, who mostly just want a reliable, performant, and secure marketplace
to trade genuine Lego parts.

Thanks



Firstly "A couple" means 2 not 4

1. Agreed
2. You are ignoring the ransom threat.
3. YOU ARE IGNORING THE RANSOM THREAT. BL did NOT overreact. A password reset
would have solved 1 and only 1 of the issues. They clearly stated that they
shut down to investigate and should be commended, NOT chastized for it.
4. BL is a "reliable, performant and secure marketplace to trade Lego Parts."
Wish granted
 Author: lostcarpark View Messages Posted By lostcarpark
 Posted: Nov 9, 2023 02:54
 Subject: Re: Update on November 3rd incident
 Viewed: 69 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

lostcarpark (239)

Location:  Ireland, Meath
Member Since Contact Type Status
Dec 28, 2002 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: LostCarPark
In Administrative, Khyron68 writes:

  Firstly "A couple" means 2 not 4

1. Agreed
2. You are ignoring the ransom threat.
3. YOU ARE IGNORING THE RANSOM THREAT. BL did NOT overreact. A password reset
would have solved 1 and only 1 of the issues. They clearly stated that they
shut down to investigate and should be commended, NOT chastized for it.
4. BL is a "reliable, performant and secure marketplace to trade Lego Parts."
Wish granted

The announcement (probably wisely) does not give details of the ransom threat.

I, fairly regularly, receive ransom threats for sites I maintain. In general
they don't say anything more than "I've hacked your site. Send me
X Bitcoin or I will do something bad".

If a ransomer wants me to take their threat seriously, they need to include some
information that they couldn't know without having access to the website
internals. As I say we don't know what information the ransomer had.

As I don't run a global marketplace with millions of users, and the consequences
of a Ransomer carrying out any such threat would be much lower, I feel I can
safely ignore these threats.

I applaud Bricklink for taking quick and decisive action.

I do, however, encourage the introduction of 2FA.
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 9, 2023 13:56
 Subject: Re: Update on November 3rd incident
 Viewed: 56 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Administrative, lostcarpark writes:
  I do, however, encourage the introduction of 2FA.

At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
 Author: Give.Me.A.Brick View Messages Posted By Give.Me.A.Brick
 Posted: Nov 9, 2023 03:53
 Subject: Re: Update on November 3rd incident
 Viewed: 77 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Give.Me.A.Brick (10757)

Location:  Portugal
Member Since Contact Type Status Collage
Nov 25, 2002 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store: Give Me A Brick ϟ
In Administrative, Khyron68 writes:

  
Firstly "A couple" means 2 not 4


As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:

https://dictionary.cambridge.org/dictionary/english/couple
 Author: popsicle View Messages Posted By popsicle
 Posted: Nov 9, 2023 10:30
 Subject: Re: Update on November 3rd incident
 Viewed: 119 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

popsicle (6732)

Location:  USA, Washington
Member Since Contact Type Status
Feb 21, 2006 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: ConstrucToys
In Administrative, Give.Me.A.Brick writes:
  In Administrative, Khyron68 writes:

  
Firstly "A couple" means 2 not 4


As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:

https://dictionary.cambridge.org/dictionary/english/couple

I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning
 Author: TorontoLego View Messages Posted By TorontoLego
 Posted: Nov 9, 2023 11:26
 Subject: Re: Update on November 3rd incident
 Viewed: 72 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

TorontoLego (6851)

Location:  Canada, Ontario
Member Since Contact Type Status
Sep 19, 2008 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: TORONTO BRICKS
I'm literally dying.

In Administrative, popsicle writes:
  In Administrative, Give.Me.A.Brick writes:
  In Administrative, Khyron68 writes:

  
Firstly "A couple" means 2 not 4


As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:

https://dictionary.cambridge.org/dictionary/english/couple

I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning
 Author: popsicle View Messages Posted By popsicle
 Posted: Nov 9, 2023 11:58
 Subject: Re: Update on November 3rd incident
 Viewed: 77 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

popsicle (6732)

Location:  USA, Washington
Member Since Contact Type Status
Feb 21, 2006 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: ConstrucToys
In Administrative, TorontoLego writes:
  I'm literally dying.

Not the intent - Just saying (Mitigating any potential charges to at
most 2nd degree manslaughter)

Signed: popsicle
  
In Administrative, popsicle writes:
  In Administrative, Give.Me.A.Brick writes:
  In Administrative, Khyron68 writes:

  
Firstly "A couple" means 2 not 4


As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:

https://dictionary.cambridge.org/dictionary/english/couple

I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning
 Author: Give.Me.A.Brick View Messages Posted By Give.Me.A.Brick
 Posted: Nov 9, 2023 14:02
 Subject: Re: Update on November 3rd incident
 Viewed: 67 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Give.Me.A.Brick (10757)

Location:  Portugal
Member Since Contact Type Status Collage
Nov 25, 2002 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store: Give Me A Brick ϟ
In Administrative, popsicle writes:
  In Administrative, Give.Me.A.Brick writes:
  In Administrative, Khyron68 writes:

  
Firstly "A couple" means 2 not 4


As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:

https://dictionary.cambridge.org/dictionary/english/couple

I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning

No no no.

On that sense, a couple is just and only 2.

My couple of cents, anyway
 Author: popsicle View Messages Posted By popsicle
 Posted: Nov 9, 2023 14:24
 Subject: Re: Update on November 3rd incident
 Viewed: 75 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

popsicle (6732)

Location:  USA, Washington
Member Since Contact Type Status
Feb 21, 2006 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: ConstrucToys
In Administrative, Give.Me.A.Brick writes:
  In Administrative, popsicle writes:
  In Administrative, Give.Me.A.Brick writes:
  In Administrative, Khyron68 writes:

  
Firstly "A couple" means 2 not 4


As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:

https://dictionary.cambridge.org/dictionary/english/couple

I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning

No no no.

On that sense, a couple is just and only 2.

My couple of cents, anyway

I know that you understand that. Just having some fun

The English language of all the world's major languages, is a wonderful playground
of sorts, with it's massive vocabulary and seemingly endless exceptions to
it's rules.

-Cory
 Author: r0bb View Messages Posted By r0bb
 Posted: Nov 9, 2023 14:37
 Subject: Re: Update on November 3rd incident
 Viewed: 162 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

r0bb (34)

Location:  Netherlands, Drenthe
Member Since Contact Type Status
Oct 13, 2021 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Cyberdyne Bricks
In Administrative, Give.Me.A.Brick writes:

  My couple of cents, anyway

Wow, I don't think you ever offered anything for a couple of cents on here!
 Author: A_Chicken View Messages Posted By A_Chicken
 Posted: Dec 17, 2023 00:37
 Subject: Re: Update on November 3rd incident
 Viewed: 139 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

A_Chicken (0)

Location:  Australia, New South Wales
Member Since Contact Type Status
Jan 29, 2023 Contact Member Buyer
No Longer Registered
No Longer Registered
*dies of cringe*
 Author: SeaBRICKLin_213 View Messages Posted By SeaBRICKLin_213
 Posted: Jan 2, 2024 20:15
 Subject: Re: Update on November 3rd incident
 Viewed: 109 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

SeaBRICKLin_213 (3)

Location:  Philippines, Bulacan
Member Since Contact Type Status
Sep 2, 2023 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Seacoft's Bricks
In Administrative, A_Chicken writes:
  *dies of cringe*

For real dude. This forum may be too cringy.
 Author: 1001bricks View Messages Posted By 1001bricks
 Posted: Jan 2, 2024 20:59
 Subject: Re: Update on November 3rd incident
 Viewed: 126 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

1001bricks (53648)

Location:  France, Provence-Alpes-Côte d'Azur
Member Since Contact Type Status
Sep 6, 2005 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: 1001bricks
In Administrative, SeaBRICKLin_213 writes:
  In Administrative, A_Chicken writes:
  *dies of cringe*

For real dude. This forum may be too cringy.

I must say, r0bb reply here was really hilarious
https://www.bricklink.com/message.asp?ID=1438223
 Author: Milann View Messages Posted By Milann
 Posted: Feb 11, 2024 18:57
 Subject: Re: Update on November 3rd incident
 Viewed: 110 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Milann (0)

Location:  United Kingdom, England
Member Since Contact Type Status
Dec 21, 2023 Contact Member Buyer
Buying Privileges - OK
In Administrative, Nubs_Select writes:
  Thankyou for the update! 🍕🍕🍕
 Author: TheBrickGuys View Messages Posted By TheBrickGuys
 Posted: Nov 8, 2023 13:11
 Subject: Re: Update on November 3rd incident
 Viewed: 147 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

TheBrickGuys (13859)

Location:  USA, California
Member Since Contact Type Status
Dec 18, 2010 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: TheBrickGuys
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Thanks for working to get us back up and running quickly. It was surprising just
how much we depend on BrickLink, I felt literally lost at times without it so
thanks again.

Jim.
 Author: Stuart9 View Messages Posted By Stuart9
 Posted: Nov 8, 2023 13:16
 Subject: Re: Update on November 3rd incident
 Viewed: 100 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Stuart9 (1324)

Location:  United Kingdom, England
Member Since Contact Type Status Collage
Jul 22, 2012 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store: Top Slot
Thank you everyone at BL. 👍👏🙂




In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team
 Author: Tracyd View Messages Posted By Tracyd
 Posted: Nov 8, 2023 13:17
 Subject: Re: Update on November 3rd incident
 Viewed: 105 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Tracyd (469)

Location:  USA, Texas
Member Since Contact Type Status
May 29, 2003 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Tracyd's
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Thank you and great job on stopping the issue when it became apparent and finding
out what was impacted.
 Author: 3001Bricks View Messages Posted By 3001Bricks
 Posted: Nov 8, 2023 13:21
 Subject: Re: Update on November 3rd incident
 Viewed: 85 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

3001Bricks (2562)

Location:  USA, Arkansas
Member Since Contact Type Status
Dec 30, 2015 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: 3001Bricks
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team


Thank you!
 Author: jbricks View Messages Posted By jbricks
 Posted: Nov 8, 2023 13:23
 Subject: Re: November 3rd incident new safety features.
 Viewed: 99 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

jbricks (18973)

Location:  Netherlands, Gelderland
Member Since Contact Type Status
Mar 5, 2009 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: jbricks
Good to see that there are new safetyprotocols with the login process.

Emails if new devices login,
Emails that you want to change your password.

That is very helpfull for this case,


Although it took a very long time to be back up again, (waiting always looks
like ages and ages)

We are happy to see that this is taken seriously,

Happy shopping everyone,
 Author: Admin_Russell View Messages Posted By Admin_Russell
 Posted: Nov 8, 2023 13:23
 Subject: Re: Update on November 3rd incident
 Viewed: 320 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Admin_Russell

Location:  USA, California
Member Since Contact Type Status
May 9, 2017 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Here is an FAQ with more information:

https://www.bricklink.com/help.asp?helpID=2613
 Author: zorbanj View Messages Posted By zorbanj
 Posted: Nov 8, 2023 13:36
 Subject: Re: Update on November 3rd incident
 Viewed: 82 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

zorbanj (890)

Location:  USA, New Jersey
Member Since Contact Type Status
Dec 14, 2003 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: ZorbaNJ's Bricks
What a relief. Never realized how dependent I had become on BL until these past
few days.The BL Team handled this exceptionally well.

May I suggest adding an entry to the FAQ about how to backup inventory? In reading
the Reddit and the BL Facebook groups for updates these past few days I was surprised
at how many sellers didn't have backups.


In Administrative, Admin_Russell writes:
  
Here is an FAQ with more information:

https://www.bricklink.com/help.asp?helpID=2613
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 9, 2023 13:24
 Subject: Re: Update on November 3rd incident
 Viewed: 58 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Administrative, zorbanj writes:
  What a relief. Never realized how dependent I had become on BL until these past
few days.The BL Team handled this exceptionally well.

May I suggest adding an entry to the FAQ about how to backup inventory? In reading
the Reddit and the BL Facebook groups for updates these past few days I was surprised
at how many sellers didn't have backups.

Thank you!

There is an FAQ entry about how to back up your store inventory. We've updated
it with clearer instructions about how to download your inventory as an XML file
 Author: zorbanj View Messages Posted By zorbanj
 Posted: Nov 9, 2023 13:30
 Subject: Re: Update on November 3rd incident
 Viewed: 36 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

zorbanj (890)

Location:  USA, New Jersey
Member Since Contact Type Status
Dec 14, 2003 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: ZorbaNJ's Bricks
Very nice, thanks for adding it!

In Administrative, CE_Uday writes:
  In Administrative, zorbanj writes:
  What a relief. Never realized how dependent I had become on BL until these past
few days.The BL Team handled this exceptionally well.

May I suggest adding an entry to the FAQ about how to backup inventory? In reading
the Reddit and the BL Facebook groups for updates these past few days I was surprised
at how many sellers didn't have backups.

Thank you!

There is an FAQ entry about how to back up your store inventory. We've updated
it with clearer instructions about how to download your inventory as an XML file
 Author: macebobo View Messages Posted By macebobo
 Posted: Nov 8, 2023 13:23
 Subject: Re: Update on November 3rd incident
 Viewed: 70 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

macebobo (2701)

Location:  USA, Oregon
Member Since Contact Type Status
Apr 3, 2016 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: MacsBricks
Thank you Russell and team!
 Author: Zixx View Messages Posted By Zixx
 Posted: Nov 8, 2023 13:24
 Subject: Re: Update on November 3rd incident
 Viewed: 58 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Zixx (7371)

Location:  USA, California
Member Since Contact Type Status
Nov 23, 2001 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Zixx Bricks
Thank you for all the behind the scenes work that many put in to the site to
get it back up and running.

Your hard work is truly appreciated!
 Author: BigBBricks View Messages Posted By BigBBricks
 Posted: Nov 8, 2023 13:24
 Subject: Re: Update on November 3rd incident
 Viewed: 111 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

BigBBricks (16624)

Location:  USA, Pennsylvania
Member Since Contact Type Status
Dec 2, 2013 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Big B Bricks
Thanks to you and the team for getting this turned back on quickly, given the
timing, it could have been much worse. And the offer to buy coffee for the team
still stands.
 Author: BricksOfFaith View Messages Posted By BricksOfFaith
 Posted: Nov 8, 2023 13:31
 Subject: (Cancelled)
 Viewed: 54 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

BricksOfFaith (164)

Location:  USA, Tennessee
Member Since Contact Type Status
Mar 21, 2018 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Bricks of Faith
(Cancelled)
 Author: ralphs_bricks View Messages Posted By ralphs_bricks
 Posted: Nov 8, 2023 13:31
 Subject: Re: Update on November 3rd incident
 Viewed: 129 times
 Topic: Technical Issues
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

ralphs_bricks (2596)

Location:  USA, New York
Member Since Contact Type Status Collage
Feb 13, 2017 Member Does Not Allow Contact Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store: 0 -> Ralph's Bricks <- 0
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
 Author: BricksOfFaith View Messages Posted By BricksOfFaith
 Posted: Nov 8, 2023 13:32
 Subject: Re: Update on November 3rd incident
 Viewed: 55 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

BricksOfFaith (164)

Location:  USA, Tennessee
Member Since Contact Type Status
Mar 21, 2018 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Bricks of Faith
In Administrative, ralphs_bricks writes:
  
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.

I sent one without issue through safari.
 Author: Stellar View Messages Posted By Stellar
 Posted: Nov 8, 2023 13:33
 Subject: Re: Update on November 3rd incident
 Viewed: 63 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Stellar (3802)

Location:  Spain, Comunidad Valenciana
Member Since Contact Type Status
Sep 24, 2015 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Stellar Bricks
BrickLink Discussions Moderator (?)
In Administrative, ralphs_bricks writes:
  In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.

Sent one just after seeing your message and mine worked fine!
 Author: ralphs_bricks View Messages Posted By ralphs_bricks
 Posted: Nov 8, 2023 13:42
 Subject: Re: Update on November 3rd incident
 Viewed: 71 times
 Topic: Technical Issues
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

ralphs_bricks (2596)

Location:  USA, New York
Member Since Contact Type Status Collage
Feb 13, 2017 Member Does Not Allow Contact Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store: 0 -> Ralph's Bricks <- 0
In Administrative, ralphs_bricks writes:
  In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.

I was able to do a mass drive thru for my orders but individual drive thrus are
still coming up as 403 Forbidden for me.
 Author: Luxurybricks View Messages Posted By Luxurybricks
 Posted: Nov 8, 2023 14:24
 Subject: Re: Update on November 3rd incident
 Viewed: 82 times
 Topic: Technical Issues
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Luxurybricks (2783)

Location:  Germany, Hamburg
Member Since Contact Type Status
Jan 8, 2017 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Luxurybricks UP TO 60% OFF
In Technical Issues, ralphs_bricks writes:
  In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.

Same here, also when I try to change the order status
 Author: BricksOfFaith View Messages Posted By BricksOfFaith
 Posted: Nov 8, 2023 16:36
 Subject: Re: Update on November 3rd incident
 Viewed: 97 times
 Topic: Technical Issues
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

BricksOfFaith (164)

Location:  USA, Tennessee
Member Since Contact Type Status
Mar 21, 2018 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Bricks of Faith
In Technical Issues, ralphs_bricks writes:
  
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.

Been getting the same error when trying to send a quote… others with sending
invoices
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 9, 2023 13:10
 Subject: Re: Update on November 3rd incident
 Viewed: 57 times
 Topic: Technical Issues
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Technical Issues, ralphs_bricks writes:
  Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.

Our team is aware of a few 403 Forbidden errors and they're working on correcting
them. Thank you all for your continued patience.
 Author: MEAD_Bricks View Messages Posted By MEAD_Bricks
 Posted: Nov 8, 2023 13:33
 Subject: Re: Update on November 3rd incident
 Viewed: 64 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

MEAD_Bricks (3566)

Location:  Canada, Quebec
Member Since Contact Type Status
Jun 29, 2020 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: MEAD BRICKS
Thank you!
 Author: WhiteHorseMatt View Messages Posted By WhiteHorseMatt
 Posted: Nov 8, 2023 13:35
 Subject: Re: Update on November 3rd incident
 Viewed: 66 times
 Topic: Technical Issues
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

WhiteHorseMatt (1579)

Location:  United Kingdom, England
Member Since Contact Type Status
Oct 3, 2010 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: White Horse Bricks
Are there any plans to implement Two factor authentication for sign in following
the issues?

Matt
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 9, 2023 13:55
 Subject: Re: Update on November 3rd incident
 Viewed: 66 times
 Topic: Technical Issues
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Technical Issues, WhiteHorseMatt writes:
  Are there any plans to implement Two factor authentication for sign in following
the issues?

Matt

At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
 Author: BricksOfFaith View Messages Posted By BricksOfFaith
 Posted: Nov 8, 2023 13:35
 Subject: Re: Update on November 3rd incident
 Viewed: 46 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

BricksOfFaith (164)

Location:  USA, Tennessee
Member Since Contact Type Status
Mar 21, 2018 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Bricks of Faith
Thank you guys for everything you’ve done this week!!
 Author: LegendaryConch View Messages Posted By LegendaryConch
 Posted: Nov 8, 2023 13:35
 Subject: Re: Update on November 3rd incident
 Viewed: 54 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

LegendaryConch (55)

Location:  USA, Alabama
Member Since Contact Type Status
May 23, 2022 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: The Little Minifig Shop
Thank you to everyone over at the Bricklink Team! Your hard work and dedication
are greatly appreciated. 🙏
 Author: PlanetEarthToys View Messages Posted By PlanetEarthToys
 Posted: Nov 8, 2023 13:36
 Subject: (Cancelled)
 Viewed: 96 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

PlanetEarthToys (140)

Location:  USA, Arkansas
Member Since Contact Type Status
Aug 24, 2021 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Planet Earth Toys
(Cancelled)
 Author: rtzx9r View Messages Posted By rtzx9r
 Posted: Nov 8, 2023 13:40
 Subject: (Cancelled)
 Viewed: 106 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

rtzx9r (1061)

Location:  USA, Arizona
Member Since Contact Type Status
Apr 1, 2002 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Sunshine Builders Supply
(Cancelled)
 Author: coevorden01 View Messages Posted By coevorden01
 Posted: Nov 8, 2023 13:53
 Subject: (Cancelled)
 Viewed: 53 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

coevorden01 (564)

Location:  Netherlands, Drenthe
Member Since Contact Type Status
May 1, 2019 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: sailorbricks
In Administrative, rtzx9r writes:
  (Cancelled)


thxs !!!!
 Author: DeLuca View Messages Posted By DeLuca
 Posted: Nov 8, 2023 13:52
 Subject: (Cancelled)
 Viewed: 44 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

DeLuca (293)

Location:  USA, Virginia
Member Since Contact Type Status
Jan 2, 2004 Contact Member Buyer
Buying Privileges - OK
Huh??
 Author: Averip View Messages Posted By Averip
 Posted: Nov 8, 2023 13:37
 Subject: Re: Update on November 3rd incident
 Viewed: 51 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Averip (72)

Location:  Canada, Quebec
Member Since Contact Type Status
Mar 8, 2023 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Averip's Bricks
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Thank you for the update, really appreciated !
 Author: librarian View Messages Posted By librarian
 Posted: Nov 8, 2023 13:37
 Subject: Re: Update on November 3rd incident
 Viewed: 44 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

librarian (1009)

Location:  Netherlands, Noord-Brabant
Member Since Contact Type Status
Jan 3, 2007 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Brick-Space
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Thanks for the update.

Chip
 Author: Steineflut View Messages Posted By Steineflut
 Posted: Nov 8, 2023 13:37
 Subject: Re: Update on November 3rd incident
 Viewed: 84 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Steineflut (4279)

Location:  Germany, Nordrhein-Westfalen
Member Since Contact Type Status
May 31, 2012 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Steineflut
Thank you all for the work you've done! I think many of us just realized
how much we rely on Bricklink for information.

I have one question and one comment though.

Has price guide info been deleted of orders that have been identified as fraudulent?


I'm sure you noticed how the "mood" in Facebook and other social
media changed for the better once you started communicating with your users.
PLEASE start communicating a lot more with the community.


Thanks again 👍
 Author: Admin_Russell View Messages Posted By Admin_Russell
 Posted: Nov 8, 2023 13:52
 Subject: Re: Update on November 3rd incident
 Viewed: 144 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Admin_Russell

Location:  USA, California
Member Since Contact Type Status
May 9, 2017 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Administrative, Steineflut writes:
  Thank you all for the work you've done! I think many of us just realized
how much we rely on Bricklink for information.

I have one question and one comment though.

Has price guide info been deleted of orders that have been identified as fraudulent?

Yes, those orders were all cancelled. There may be a few that didn't get
cancelled before we went offline, but we will take care of those shortly.
 Author: bricknovice View Messages Posted By bricknovice
 Posted: Nov 8, 2023 14:01
 Subject: Re: Update on November 3rd incident
 Viewed: 47 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

bricknovice (112)

Location:  USA, California
Member Since Contact Type Status
Aug 17, 2018 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: brick-and-minifig
In Administrative, Steineflut writes:
  Thank you all for the work you've done! I think many of us just realized
how much we rely on Bricklink for information.

I have one question and one comment though.

Has price guide info been deleted of orders that have been identified as fraudulent?


I'm sure you noticed how the "mood" in Facebook and other social
media changed for the better once you started communicating with your users.
PLEASE start communicating a lot more with the community.


Thanks again 👍

Thank you to the BrickLink team for working tirelessly through the long days
and nights to flush out the bad actors and get the site back up and running as
quickly as possible. Definitely missed the site the last few days and am so glad
to have it back up.

I second the request to ensure the fraudulent transactions have been removed
from the price guide.

Thanks again!
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 8, 2023 13:38
 Subject: Re: Update on November 3rd incident
 Viewed: 102 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
You can read the FAQs at this link: https://www.bricklink.com/help.asp?helpID=2613

Thank you to everyone for your support and patience!
 Author: Stankec1983 View Messages Posted By Stankec1983
 Posted: Nov 8, 2023 13:39
 Subject: Re: Update on November 3rd incident
 Viewed: 67 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Stankec1983 (145)

Location:  Croatia, Zagreb Region
Member Since Contact Type Status Collage
Dec 28, 2017 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store: Zoran Wheels and Figs Shop
Thank you! Cheers from Croatia!
 Author: Tuzi View Messages Posted By Tuzi
 Posted: Nov 8, 2023 13:44
 Subject: Re: Update on November 3rd incident
 Viewed: 60 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Tuzi (13)

Location:  Netherlands, Zuid-Holland
Member Since Contact Type Status
May 21, 2022 Contact Member Buyer
Buying Privileges - OK
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

....

Thank you for your hard work! I hope two-factor authentication will be added
soon to prevent this scenario from happening again
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 9, 2023 13:56
 Subject: Re: Update on November 3rd incident
 Viewed: 47 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Administrative, Tuzi writes:
  Thank you for your hard work! I hope two-factor authentication will be added
soon to prevent this scenario from happening again

We will continue to increase security on BrickLink and will communicate about
any new security features as they become available
 Author: Jaabo View Messages Posted By Jaabo
 Posted: Nov 8, 2023 13:45
 Subject: Re: Update on November 3rd incident
 Viewed: 75 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Jaabo (5477)

Location:  USA, Georgia
Member Since Contact Type Status Collage
Aug 10, 2001 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store: BrickTsar
Thank you very much!



In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team
 Author: WonderlandToys View Messages Posted By WonderlandToys
 Posted: Nov 8, 2023 13:48
 Subject: Re: Update on November 3rd incident
 Viewed: 51 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

WonderlandToys (2100)

Location:  Belgium, Limburg
Member Since Contact Type Status
Mar 8, 2009 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Wonderland
Thanks to the entire bricklink team for getting the site back up and running!
 Author: Rob_and_Shelagh View Messages Posted By Rob_and_Shelagh
 Posted: Nov 8, 2023 13:49
 Subject: Re: Update on November 3rd incident
 Viewed: 59 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Rob_and_Shelagh (26544)

Location:  United Kingdom, England
Member Since Contact Type Status
Nov 3, 2005 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: YELLOW FARM BRICKS
Dear Bricklink team,

Thanks to all who worked hard to restore the site and continue to support our
activities here, we really appreciate it!

Best regards,
Robert & Shelagh
Yellow Farm Bricks
 Author: Familybuild View Messages Posted By Familybuild
 Posted: Nov 8, 2023 13:51
 Subject: Re: Update on November 3rd incident
 Viewed: 43 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Familybuild (149)

Location:  Netherlands, Zuid-Holland
Member Since Contact Type Status
Nov 16, 2022 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: FamilyBuilds
Thank you for all the hard work.
And long hours needed to confront this head on.

great job you all.
 Author: MAGICBRICKS View Messages Posted By MAGICBRICKS
 Posted: Nov 8, 2023 13:51
 Subject: Re: Update on November 3rd incident
 Viewed: 49 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

MAGICBRICKS (6798)

Location:  Germany, Schleswig-Holstein
Member Since Contact Type Status
Sep 12, 2005 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: MAGICBRICKS---RARE PARTS--
So many thanks for your great work, safety eyes 👀 and I think weckte all very
happy to have back this fantastic platform. And now…..SHOOOOOOOPPING 🤑🤑🤑

Sascha / MAGICBRICKS
 Author: BubbaVonBraun View Messages Posted By BubbaVonBraun
 Posted: Nov 8, 2023 13:51
 Subject: Re: Update on November 3rd incident
 Viewed: 49 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

BubbaVonBraun (58)

Location:  Australia, Victoria
Member Since Contact Type Status
Aug 9, 2021 Contact Member Buyer
Buying Privileges - OK
Folks,

Kudos on handling this so well. As an IT professional I have worked a number
of these incidents.

Security incidents will happen, its how the company responds to it that is vital
to protecting trust. Apart from the lack of communication initially, once you
took the wise step to go offline, your coms have been reasonable and I am sure
as a community we got the whole this is going to take some time.

Trust is such a uniquely human concept but how do we "prove" a system
can be trusted. Its a huge amount of work and you have done so well as a user
I am grateful for your hard work and the communication you provided as the incident
progressed.

You all deserve our thanks.

Best Regards
BvB.
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 9, 2023 13:27
 Subject: Re: Update on November 3rd incident
 Viewed: 57 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Administrative, BubbaVonBraun writes:
  Folks,

Kudos on handling this so well. As an IT professional I have worked a number
of these incidents.

Security incidents will happen, its how the company responds to it that is vital
to protecting trust. Apart from the lack of communication initially, once you
took the wise step to go offline, your coms have been reasonable and I am sure
as a community we got the whole this is going to take some time.

Trust is such a uniquely human concept but how do we "prove" a system
can be trusted. Its a huge amount of work and you have done so well as a user
I am grateful for your hard work and the communication you provided as the incident
progressed.

You all deserve our thanks.

Best Regards
BvB.

Thank you for the kind words, and thank you everyone for your support
 Author: Give.Me.A.Brick View Messages Posted By Give.Me.A.Brick
 Posted: Nov 8, 2023 13:52
 Subject: Re: Update on November 3rd incident
 Viewed: 73 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Give.Me.A.Brick (10757)

Location:  Portugal
Member Since Contact Type Status Collage
Nov 25, 2002 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store: Give Me A Brick ϟ
A huge THANK YOU Russell and everyone on the BrickLink Team!

We are very grateful for all the hard work and sleepless nights you all have
put to safely reopen this much missed site

All the best to Bricklink!
 Author: DeLuca View Messages Posted By DeLuca
 Posted: Nov 8, 2023 13:54
 Subject: Re: Update on November 3rd incident
 Viewed: 56 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

DeLuca (293)

Location:  USA, Virginia
Member Since Contact Type Status
Jan 2, 2004 Contact Member Buyer
Buying Privileges - OK
Thank you!! I was beginning to go into withdrawals over the lack of access to
the Catalog! 😬
 Author: DeLuca View Messages Posted By DeLuca
 Posted: Nov 8, 2023 13:54
 Subject: Re: Update on November 3rd incident
 Viewed: 64 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

DeLuca (293)

Location:  USA, Virginia
Member Since Contact Type Status
Jan 2, 2004 Contact Member Buyer
Buying Privileges - OK
Thank you!! I was beginning to go into withdrawals over the lack of access to
the Catalog! 😬
 Author: jodawill View Messages Posted By jodawill
 Posted: Nov 8, 2023 14:01
 Subject: Re: Update on November 3rd incident
 Viewed: 50 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

jodawill (146)

Location:  USA, Indiana
Member Since Contact Type Status Collage
Oct 18, 2011 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store Closed Store: Kokomo Bricks
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Thank you for doing your due diligence. I'm grateful you decided to take
the site offline so you could do a proper incident response.

Is there any chance we could get TOTP 2FA and longer passwords?
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 9, 2023 13:59
 Subject: Re: Update on November 3rd incident
 Viewed: 47 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Administrative, jodawill writes:
  Thank you for doing your due diligence. I'm grateful you decided to take
the site offline so you could do a proper incident response.

Is there any chance we could get TOTP 2FA and longer passwords?

The 15-character limit for passwords is an existing limitation that hasn't
been changed. At the moment, BrickLink doesn't support two-factor authentication.
However, we will continue to increase security on our platform and will communicate
about any new security features as they become available.
 Author: calebfishn View Messages Posted By calebfishn
 Posted: Nov 8, 2023 14:01
 Subject: Re: Update on November 3rd incident
 Viewed: 48 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

calebfishn (2198)

Location:  Canada, Ontario
Member Since Contact Type Status
Feb 17, 2009 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Barbie's Brick Store
Life support systems re-activated.

Thanks.
 Author: BrickSteinBe View Messages Posted By BrickSteinBe
 Posted: Nov 8, 2023 14:03
 Subject: Re: Update on November 3rd incident
 Viewed: 43 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

BrickSteinBe (111)

Location:  Belgium, Limburg
Member Since Contact Type Status
Mar 1, 2023 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: BrickSteinBe
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team


Thanks! Time for some welldeserved sleep for you
 Author: SylvainLS View Messages Posted By SylvainLS
 Posted: Nov 8, 2023 14:03
 Subject: Re: Update on November 3rd incident
 Viewed: 93 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

SylvainLS (48)

Location:  France, Nouvelle-Aquitaine
Member Since Contact Type Status
Apr 25, 2014 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: BuyerOnly
BrickLink Discussions Moderator (?)
Not sure GIFs work on the forum, so: http://slswww.free.fr/withdrawal.gif

Also: https://www.youtube.com/watch?v=PefGSnsKib4
 
 Author: Nubs_Select View Messages Posted By Nubs_Select
 Posted: Nov 8, 2023 14:10
 Subject: Re: Update on November 3rd incident
 Viewed: 76 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Nubs_Select (4310)

Location:  Canada, Ontario
Member Since Contact Type Status
Mar 15, 2016 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Nub's Select
 Author: macebobo View Messages Posted By macebobo
 Posted: Nov 8, 2023 16:27
 Subject: Re: Update on November 3rd incident
 Viewed: 81 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

macebobo (2701)

Location:  USA, Oregon
Member Since Contact Type Status
Apr 3, 2016 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: MacsBricks
In Administrative, SylvainLS writes:
  Not sure GIFs work on the forum, so: http://slswww.free.fr/withdrawal.gif

I was feeling the same way! I think I am addicted to love, er, Bricklink.
 Author: SylvainLS View Messages Posted By SylvainLS
 Posted: Nov 8, 2023 16:40
 Subject: Re: Update on November 3rd incident
 Viewed: 70 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

SylvainLS (48)

Location:  France, Nouvelle-Aquitaine
Member Since Contact Type Status
Apr 25, 2014 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: BuyerOnly
BrickLink Discussions Moderator (?)
In Administrative, macebobo writes:
  In Administrative, SylvainLS writes:
  Not sure GIFs work on the forum, so: http://slswww.free.fr/withdrawal.gif

I was feeling the same way! I think I am addicted to love, er, Bricklink.

And chocolate?

I need a 5th image: the site is back online!
 Author: pineBRICKS View Messages Posted By pineBRICKS
 Posted: Nov 8, 2023 14:04
 Subject: Re: Update on November 3rd incident
 Viewed: 36 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

pineBRICKS (2166)

Location:  Netherlands, Utrecht
Member Since Contact Type Status
Oct 24, 2016 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: pineBRICKS 🌲
Thank you Bricklink team for all your efforts!
 Author: Thoi4125 View Messages Posted By Thoi4125
 Posted: Nov 8, 2023 14:04
 Subject: Re: Update on November 3rd incident
 Viewed: 47 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Thoi4125 (2)

Location:  USA, Montana
Member Since Contact Type Status
Jan 23, 2021 Contact Member Buyer
Buying Privileges - OK
Thank you for being so transparent and proactive!.

In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.


Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team
 Author: CE_Tanja View Messages Posted By CE_Tanja
 Posted: Nov 8, 2023 14:05
 Subject: Re: Update on November 3rd incident
 Viewed: 125 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Tanja

Location:  USA, California
Member Since Contact Type Status
Feb 17, 2021 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
Thank you for all your kind thoughts!

For good reason we are currently experiencing a very high load on our systems
due to seller activity.

We understand that everyone is keen to get everything back in order so we have
temporarily paused the cart algorithm for the MOC Pop-up store to increase capacity.




In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team
 Author: oaktree View Messages Posted By oaktree
 Posted: Nov 8, 2023 14:05
 Subject: Re: Update on November 3rd incident
 Viewed: 73 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

oaktree (1613)

Location:  USA, Pennsylvania
Member Since Contact Type Status
Jul 20, 2019 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Oak Tree Antiques
Many thanks to everyone at BrickLink for all the hard work of getting everything
back up and running for us!



In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team
 Author: jonwil View Messages Posted By jonwil
 Posted: Nov 8, 2023 14:07
 Subject: Re: Update on November 3rd incident
 Viewed: 48 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

jonwil (85)

Location:  Australia, Queensland
Member Since Contact Type Status
Jul 9, 2002 Member Does Not Allow Contact Buyer
Buying Privileges - OK
It would be really good if the site could implement (optional) support for some
form of 2-factor authentication (such as TOTP through an authenticator app or
maybe even hardware key support). Done correctly 2FA makes credential stuffing
and other similar hacks impossible.
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 9, 2023 13:59
 Subject: Re: Update on November 3rd incident
 Viewed: 57 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Administrative, jonwil writes:
  It would be really good if the site could implement (optional) support for some
form of 2-factor authentication (such as TOTP through an authenticator app or
maybe even hardware key support). Done correctly 2FA makes credential stuffing
and other similar hacks impossible.

Thank you for the feedback. At the moment, BrickLink does not support two-factor
authentication. However, we will continue to increase security on our platform
and will communicate about any new security features as they become available.
 Author: CanadaFirst View Messages Posted By CanadaFirst
 Posted: Nov 8, 2023 14:08
 Subject: Re: Update on November 3rd incident
 Viewed: 64 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CanadaFirst (34588)

Location:  Canada, Quebec
Member Since Contact Type Status
Mar 27, 2017 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Canada First Bricks
Thank you for the hard work your team put in, it's really appreciated!
 Author: CE_Tanja View Messages Posted By CE_Tanja
 Posted: Nov 8, 2023 14:08
 Subject: Re: Update on November 3rd incident
 Viewed: 129 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Tanja

Location:  USA, California
Member Since Contact Type Status
Feb 17, 2021 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
We are seeing a high number of Helpdesk tickets related to entering the site
due to added security measures. We will be looking in to these, just giving everyone
impacted a heads up since we are not able to answer them all right away.


In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team
 Author: cosmicray View Messages Posted By cosmicray
 Posted: Nov 8, 2023 14:12
 Subject: Re: Update on November 3rd incident
 Viewed: 56 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

cosmicray (3556)

Location:  USA, Florida
Member Since Contact Type Status Collage
Oct 1, 2000 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store: Cosmic Toys
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Thank you to the entire team, for all the hard work and long hours !

Nita Rae
 Author: Michaeld1983 View Messages Posted By Michaeld1983
 Posted: Nov 8, 2023 14:13
 Subject: Re: Update on November 3rd incident
 Viewed: 74 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Michaeld1983 (2105)

Location:  Australia, New South Wales
Member Since Contact Type Status
Jan 26, 2017 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Mike's Surplus Bricks
Thanks team for getting everything back up. You have handled this situation with
care and speed. I appreciate your efforts and fortunately my store (and inventory)
remain intact. Cheers Mike
 Author: Delsyn View Messages Posted By Delsyn
 Posted: Nov 8, 2023 14:15
 Subject: Re: Update on November 3rd incident
 Viewed: 59 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Delsyn (105)

Location:  USA, Utah
Member Since Contact Type Status
Oct 28, 2022 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Croft Warehouse
Way to go team! We appreciate you!
 Author: BrickDeals View Messages Posted By BrickDeals
 Posted: Nov 8, 2023 14:21
 Subject: Re: Update on November 3rd incident
 Viewed: 88 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

BrickDeals (2892)

Location:  USA, Virginia
Member Since Contact Type Status
Jan 13, 2004 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Brick Deals©
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Why weren't all stores set to closed status until passwords were changed?
Makes it hard to tell which stores are active and which are not.
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 9, 2023 16:53
 Subject: Re: Update on November 3rd incident
 Viewed: 127 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Administrative, BrickDeals writes:
  Why weren't all stores set to closed status until passwords were changed?
Makes it hard to tell which stores are active and which are not.

We had not planned to close all seller stores. However, due to a delay in providing
access to accounts, we decided to close the remaining stores waiting for admin
help last night.
 Author: StreamyBrick View Messages Posted By StreamyBrick
 Posted: Nov 10, 2023 03:02
 Subject: Re: Update on November 3rd incident
 Viewed: 41 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

StreamyBrick (432)

Location:  Netherlands, Noord-Holland
Member Since Contact Type Status
Jun 4, 2014 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Streamy Bricks Store
In Administrative, CE_Uday writes:
  In Administrative, BrickDeals writes:
  Why weren't all stores set to closed status until passwords were changed?
Makes it hard to tell which stores are active and which are not.

We had not planned to close all seller stores. However, due to a delay in providing
access to accounts, we decided to close the remaining stores waiting for admin
help last night.


why do i keep getting this update your password message ?? already did that
 Author: StreamyBrick View Messages Posted By StreamyBrick
 Posted: Nov 10, 2023 03:03
 Subject: Re: Update on November 3rd incident
 Viewed: 67 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

StreamyBrick (432)

Location:  Netherlands, Noord-Holland
Member Since Contact Type Status
Jun 4, 2014 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Streamy Bricks Store
In Administrative, kdwykleingeld writes:
  In Administrative, CE_Uday writes:
  In Administrative, BrickDeals writes:
  Why weren't all stores set to closed status until passwords were changed?
Makes it hard to tell which stores are active and which are not.

We had not planned to close all seller stores. However, due to a delay in providing
access to accounts, we decided to close the remaining stores waiting for admin
help last night.


why do i keep getting this update your password message ?? already did that

we can assume that everyone who can access bl again has changed its password
since that was required.. so no need for that message
 Author: skazy View Messages Posted By skazy
 Posted: Nov 8, 2023 14:25
 Subject: Re: Update on November 3rd incident
 Viewed: 94 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

skazy (1416)

Location:  Slovenia
Member Since Contact Type Status
Jun 2, 2008 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Skazy Shop
Thank you for the BL team's big effort these last days! Good job.


In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team
 Author: larvalrin View Messages Posted By larvalrin
 Posted: Nov 8, 2023 14:29
 Subject: Re: Update on November 3rd incident
 Viewed: 86 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

larvalrin (5)

Location:  USA, North Carolina
Member Since Contact Type Status
May 13, 2023 Contact Member Buyer
Buying Privileges - OK
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

I can't believe how much I missed bricklink I can finally start my
little project!
 Author: Luxurybricks View Messages Posted By Luxurybricks
 Posted: Nov 8, 2023 14:32
 Subject: Re: Update on November 3rd incident
 Viewed: 118 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Luxurybricks (2783)

Location:  Germany, Hamburg
Member Since Contact Type Status
Jan 8, 2017 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Luxurybricks UP TO 60% OFF
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Many thanks to the BL-Team for the much effort.
Is it possible for the IT-team to add the ip-address to the E-Mail login notice?
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 9, 2023 16:11
 Subject: Re: Update on November 3rd incident
 Viewed: 86 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Administrative, Luxurybricks writes:
  Many thanks to the BL-Team for the much effort.
Is it possible for the IT-team to add the ip-address to the E-Mail login notice?

Thank you for the suggestion! The team will add the IP address to the email notice.
They're in the process now
 Author: wahiggin View Messages Posted By wahiggin
 Posted: Nov 8, 2023 14:51
 Subject: Re: Update on November 3rd incident
 Viewed: 69 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

wahiggin (2977)

Location:  USA, Alabama
Member Since Contact Type Status Collage
Jun 30, 2004 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store: We-Like-It Bricks
Thank you for the steps taken to get our beloved site back up and working again.
 Author: MYLEGOBRICKS View Messages Posted By MYLEGOBRICKS
 Posted: Nov 8, 2023 14:54
 Subject: Re: Update on November 3rd incident
 Viewed: 79 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

MYLEGOBRICKS (3042)

Location:  USA, California
Member Since Contact Type Status
Nov 20, 2010 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: CALIFORNIA BRICK STORE
MANY THANKS FOR GETTING US BACK UP AND RUNNING.
GIVE YOURSELVES A WELL-DESERVED PAT ON THE BACK .....
  
Your BrickLink Team
 Author: Harrisok12 View Messages Posted By Harrisok12
 Posted: Nov 8, 2023 15:03
 Subject: Re: Update on November 3rd incident
 Viewed: 74 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Harrisok12 (3271)

Location:  Australia, Tasmania
Member Since Contact Type Status
Apr 18, 2017 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Pretty Bricks
Thanks for all your hard work. Great to see the site up again
 Author: KyleKatarn98 View Messages Posted By KyleKatarn98
 Posted: Nov 8, 2023 15:10
 Subject: Re: Update on November 3rd incident
 Viewed: 62 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

KyleKatarn98 (218)

Location:  Poland, w. Pomorskie
Member Since Contact Type Status
Jul 27, 2017 Contact Member Buyer
Buying Privileges - OK
Wielkie dzięki za odblokowanie naszej ulubionej strony!
Great thanks for unlocking our favourite site!

In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team
 Author: Debstarcrazy View Messages Posted By Debstarcrazy
 Posted: Nov 8, 2023 15:16
 Subject: Re: Update on November 3rd incident
 Viewed: 51 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Debstarcrazy (200)

Location:  United Kingdom, England
Member Since Contact Type Status
Apr 9, 2020 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Brick of the Jedi
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

So good to be back! Huge thanks and well done to all the team for getting us
back up and running again. Job well done. Go and get some sleep now people!
 Author: Boy_Anachronism View Messages Posted By Boy_Anachronism
 Posted: Nov 8, 2023 15:19
 Subject: Re: Update on November 3rd incident
 Viewed: 68 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Boy_Anachronism (378)

Location:  United Kingdom, England
Member Since Contact Type Status
Feb 24, 2012 Member Does Not Allow Contact Buyer
Buying Privileges - OK
Thank you for all your work, it is very much appreciated!
 Author: welo999 View Messages Posted By welo999
 Posted: Nov 8, 2023 15:21
 Subject: Re: Update on November 3rd incident
 Viewed: 72 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

welo999 (1320)

Location:  Austria, Wien
Member Since Contact Type Status
Oct 19, 2014 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Vienna Brick Depot
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

Thanks for taking care, even if took a few days. Better safe than sorry!
 Author: marjansmit View Messages Posted By marjansmit
 Posted: Nov 8, 2023 15:30
 Subject: Re: Update on November 3rd incident
 Viewed: 41 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

marjansmit (340)

Location:  Netherlands, Zuid-Holland
Member Since Contact Type Status
Sep 16, 2013 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Marjan Special Bricks
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Thanks Team. You realise what you appreciate at the moment you do not have it
anymore. Keep up the good work!

MSB-Bricks
 Author: steinzeugs View Messages Posted By steinzeugs
 Posted: Nov 8, 2023 15:31
 Subject: Re: Update on November 3rd incident
 Viewed: 55 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

steinzeugs (837)

Location:  Germany, Nordrhein-Westfalen
Member Since Contact Type Status
Jun 17, 2006 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Steinzeugs
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Good to see you back. A big THANK YOU for the quick fix!
 Author: RutiFruti View Messages Posted By RutiFruti
 Posted: Nov 8, 2023 15:33
 Subject: Re: Update on November 3rd incident
 Viewed: 56 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

RutiFruti (14)

Location:  Germany, Hamburg
Member Since Contact Type Status
May 25, 2023 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Dracobrick
Great to be back!! Many, many thanks Bricklink team for your work these days
and for keeping us posted!!

In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team
 Author: tec View Messages Posted By tec
 Posted: Nov 8, 2023 15:33
 Subject: Re: Update on November 3rd incident
 Viewed: 92 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

tec (68)

Location:  Italy, Marche
Member Since Contact Type Status
Dec 30, 2020 Contact Member Buyer
Buying Privileges - OK
These have been 5 intense days I imagine
But i nthe end you did it.
Go admins!
keep up the good work
 Author: Lebostein View Messages Posted By Lebostein
 Posted: Nov 8, 2023 15:47
 Subject: Why password with 15 digits only?
 Viewed: 151 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Lebostein (29)

Location:  Germany, Sachsen
Member Since Contact Type Status
Feb 4, 2019 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Lebobrick
15 digits are a joke with regard to modern security recommendations
 Author: 1001bricks View Messages Posted By 1001bricks
 Posted: Nov 8, 2023 21:15
 Subject: Re: Why password with 15 digits only?
 Viewed: 140 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

1001bricks (53648)

Location:  France, Provence-Alpes-Côte d'Azur
Member Since Contact Type Status
Sep 6, 2005 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: 1001bricks
In Administrative, Lebostein writes:
  15 digits are a joke with regard to modern security recommendations

I don't think 15 digits are a joke.

(Partially got from the web...)

26 lowercase + 26 uppercase + 10 digits + around 10 special chars = 72 possible
chars

15 char pass = 72 ^15 = 7,244,150,201,408,990,671,659,859,968 possible passwords

If BL accepts around 200,000 attempts to login per second from the same client
(LOL), it'll take 229,710,495,985,825,427,183 years.

Of course that implies you don't use "TheBestPassword" (like me)
- but then almost whatever length won't change much when facing a dictionnary
attack.

In short, I think 15 digits is already VERY fine - please be happy!
 Author: 917679 View Messages Posted By 917679
 Posted: Nov 8, 2023 21:21
 Subject: Re: Why password with 15 digits only?
 Viewed: 76 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

917679 (264)

Location:  Australia, Western Australia
Member Since Contact Type Status
May 7, 2017 Contact Member Buyer
Buying Privileges - OK
In Administrative, 1001bricks writes:
  In Administrative, Lebostein writes:
  15 digits are a joke with regard to modern security recommendations

I don't think 15 digits are a joke.

(Partially got from the web...)

26 lowercase + 26 uppercase + 10 digits + around 10 special chars = 72 possible
chars

15 char pass = 72 ^15 = 7,244,150,201,408,990,671,659,859,968 possible passwords

If BL accepts around 200,000 attempts to login per second from the same client
(LOL), it'll take 229,710,495,985,825,427,183 years.

Of course that implies you don't use "TheBestPassword" (like me)
- but then almost whatever length won't change much when facing a dictionnary
attack.

In short, I think 15 digits is already VERY fine - please be happy!

You're right, but password length restrictions do make me concerned about
WHY there is a length limitation.

If you're following best practices, you're storing salted password hashes,
in which case, there's no good reason to impose a length limitation (within
reason).
 Author: 1001bricks View Messages Posted By 1001bricks
 Posted: Nov 8, 2023 21:39
 Subject: Re: Why password with 15 digits only?
 Viewed: 97 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

1001bricks (53648)

Location:  France, Provence-Alpes-Côte d'Azur
Member Since Contact Type Status
Sep 6, 2005 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: 1001bricks
  
  I don't think 15 digits are a joke.

(Partially got from the web...)

26 lowercase + 26 uppercase + 10 digits + around 10 special chars = 72 possible
chars

15 char pass = 72 ^15 = 7,244,150,201,408,990,671,659,859,968 possible passwords

If BL accepts around 200,000 attempts to login per second from the same client
(LOL), it'll take 229,710,495,985,825,427,183 years.

Of course that implies you don't use "TheBestPassword" (like me)
- but then almost whatever length won't change much when facing a dictionnary
attack.

In short, I think 15 digits is already VERY fine - please be happy!

You're right, but password length restrictions do make me concerned about
WHY there is a length limitation.

If you're following best practices, you're storing salted password hashes,
in which case, there's no good reason to impose a length limitation (within
reason).

Because collisions in hashing, a short password can collide with a megabyte one,
so the longer does NOT mean it's safer.

And of course, hoping passwords aren't saved in 'plain text'... But
that's another question I won't discuss.

IMHO, as BrickLink has an old (and proud!) history of development, I guess there
are tens of tests on this maximum value a bit everywhere, and it's a complete
separate (and non urgent) task, to find EVERY place where it's implemented
(and in various languages)...
 Author: 917679 View Messages Posted By 917679
 Posted: Nov 8, 2023 21:57
 Subject: Re: Why password with 15 digits only?
 Viewed: 79 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

917679 (264)

Location:  Australia, Western Australia
Member Since Contact Type Status
May 7, 2017 Contact Member Buyer
Buying Privileges - OK
Agree that a random password passwords above a certain length aren't more
secure, but allowing passwords with unconstrained length does suggest that they
are storing securely (by hashing it), rather than storing it plain/encoded/encrypted.
 Author: macebobo View Messages Posted By macebobo
 Posted: Nov 9, 2023 11:37
 Subject: Re: Why password with 15 digits only?
 Viewed: 73 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

macebobo (2701)

Location:  USA, Oregon
Member Since Contact Type Status
Apr 3, 2016 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: MacsBricks
In Administrative, breesy writes:
  You're right, but password length restrictions do make me concerned about
WHY there is a length limitation.

Indeed.

  If you're following best practices, you're storing salted password hashes,
in which case, there's no good reason to impose a length limitation (within
reason).

What I infer from the limitation, is that Bricklink MAY not be following best
practices here. And lord forbid that they are raw or "encrypted" in the
db. **Shudders**

https://xkcd.com/936/
 
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 9, 2023 14:02
 Subject: Re: Why password with 15 digits only?
 Viewed: 84 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Administrative, Lebostein writes:
  15 digits are a joke with regard to modern security recommendations

The 15-character limit is an existing limitation on BrickLink passwords and has
not changed. However, we will continue to increase security on our platform and
will communicate about any new security features as they become available.
 Author: sandman View Messages Posted By sandman
 Posted: Nov 9, 2023 16:38
 Subject: Re: Why password with 15 digits only?
 Viewed: 104 times
 Topic: Technical Issues
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

sandman (2590)

Location:  Germany, Bayern
Member Since Contact Type Status
Jan 15, 2003 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Brickforge
In Administrative, CE_Uday writes:
  In Administrative, Lebostein writes:
  15 digits are a joke with regard to modern security recommendations

The 15-character limit is an existing limitation on BrickLink passwords and has
not changed. However, we will continue to increase security on our platform and
will communicate about any new security features as they become available.

It seems like you can use more than 15 characters using the "Reset password"
function, which in turn breaks BrickStore that only accepts 15 characters (users
were confused in the past, so I added the same character limitation in BrickStore)
This would also make it impossible to later change the password on BL's account
info page...

See: https://github.com/rgriebl/brickstore/issues/787

Thanks for looking into this!
Robert
 Author: godprobe View Messages Posted By godprobe
 Posted: Nov 12, 2023 22:44
 Subject: Re: Why password with 15 digits only?
 Viewed: 54 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

godprobe (6)

Location:  USA, California
Member Since Contact Type Status
Apr 23, 2018 Contact Member Buyer
Buying Privileges - OK
Especially after BrinkLink had a security incident requiring everyone update
their passwords, I was definitely surprised to see this 15-char limitation.

It also tripped me up while changing my password on my PC (and using a password
manager). I noticed the number of asterisked characters didn't increase,
but thought that was a neat bit of password-length obfuscation.

Until I then tried logging in on another device, using the password I had saved
in my password manager. I couldn't log in.

Not because I had typed my password in incorrectly, but because BrickLink had
silently truncated my password. Also, if I recall correctly, the 15-character
limit is *not mentioned* when creating or updating your password. If it had
been, I'd still be disappointed, but at least I'd have a heads-up before
running into confusion.

The way I actually discovered the password was truncated was only because I elected
to have the browser store the password as I changed it and re-logged into BrickLink.
I was able to view the "right" password from there and get logged in
on my other device.

At the very least, pull up an error message when a person tries to input a longer
password. But ideally, yes, allow longer passwords. 256-char would be good for
a start.

(Thank you for the site -- this is my first time writing on the forum, and
I really do appreciate the existence of this place! Thank you for taking security
seriously and having the site down for as long as it took after the recent incident!)
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 13, 2023 11:22
 Subject: Re: Why password with 15 digits only?
 Viewed: 54 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Administrative, godprobe writes:
  Especially after BrinkLink had a security incident requiring everyone update
their passwords, I was definitely surprised to see this 15-char limitation.

It also tripped me up while changing my password on my PC (and using a password
manager). I noticed the number of asterisked characters didn't increase,
but thought that was a neat bit of password-length obfuscation.

Until I then tried logging in on another device, using the password I had saved
in my password manager. I couldn't log in.

Not because I had typed my password in incorrectly, but because BrickLink had
silently truncated my password. Also, if I recall correctly, the 15-character
limit is *not mentioned* when creating or updating your password. If it had
been, I'd still be disappointed, but at least I'd have a heads-up before
running into confusion.

The way I actually discovered the password was truncated was only because I elected
to have the browser store the password as I changed it and re-logged into BrickLink.
I was able to view the "right" password from there and get logged in
on my other device.

At the very least, pull up an error message when a person tries to input a longer
password. But ideally, yes, allow longer passwords. 256-char would be good for
a start.

(Thank you for the site -- this is my first time writing on the forum, and
I really do appreciate the existence of this place! Thank you for taking security
seriously and having the site down for as long as it took after the recent incident!)

Thank you for your feedback. The 15-character limit is mentioned on the password
reset page, but it is not displayed when you change your password on the "Account
Info" page.
 Author: Emptyhead1 View Messages Posted By Emptyhead1
 Posted: Nov 13, 2023 14:46
 Subject: Re: Why password with 15 digits only?
 Viewed: 35 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Emptyhead1 (0)

Location:  Canada, Ontario
Member Since Contact Type Status
Nov 10, 2023 Contact Member Buyer
Buying Privileges - OK
I was wondering this as well because it doesn't allow for very secure passwords.
 Author: 1001bricks View Messages Posted By 1001bricks
 Posted: Nov 13, 2023 15:17
 Subject: Re: Why password with 15 digits only?
 Viewed: 42 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

1001bricks (53648)

Location:  France, Provence-Alpes-Côte d'Azur
Member Since Contact Type Status
Sep 6, 2005 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: 1001bricks
In Administrative, thekillerrabbit writes:
  I was wondering this as well because it doesn't allow for very secure passwords.

Interesting to get an advice on a 3 days old account...

Not very secure? Please read:
https://www.bricklink.com/message.asp?ID=1437985
 Author: McBricks View Messages Posted By McBricks
 Posted: Nov 8, 2023 15:51
 Subject: Re: Update on November 3rd incident
 Viewed: 66 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

McBricks (8324)

Location:  USA, Kentucky
Member Since Contact Type Status
Jan 23, 2006 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Father & Son Bricks
Thanks Admin for your hard work and detication ! Greatly appreciated!!




In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team
 Author: chriselliottart View Messages Posted By chriselliottart
 Posted: Nov 8, 2023 15:52
 Subject: Re: Update on November 3rd incident
 Viewed: 84 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

chriselliottart (580)

Location:  USA, New Jersey
Member Since Contact Type Status
Dec 30, 2012 Contact Member Buyer
Buying Privileges - OK
Thank you for all your hard work to ensure the site's safety and continuity.
These things happen and I hope the team is getting some well-deserved rest soon!

In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team
 Author: v100Bricks View Messages Posted By v100Bricks
 Posted: Nov 8, 2023 16:05
 Subject: Re: Update on November 3rd incident
 Viewed: 58 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

v100Bricks (210)

Location:  United Kingdom, Scotland
Member Since Contact Type Status
Aug 31, 2023 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: v100Bricks
Very full and informative response. Nothing wrong with an abundance of caution
so well done all concerned.
 Author: LegoKingMaster View Messages Posted By LegoKingMaster
 Posted: Nov 8, 2023 16:12
 Subject: Re: Update on November 3rd incident
 Viewed: 55 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

LegoKingMaster (223)

Location:  USA, New York
Member Since Contact Type Status
Feb 1, 2007 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: My Vintage Closet
Please add the ability for 2FA!

Thanks.
 Author: CE_Uday View Messages Posted By CE_Uday
 Posted: Nov 9, 2023 14:03
 Subject: Re: Update on November 3rd incident
 Viewed: 59 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

CE_Uday

Location:  USA, California
Member Since Contact Type Status
Apr 4, 2023 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Administrative, LegoKingMaster writes:
  Please add the ability for 2FA!

Thanks.

At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
 Author: brickerking View Messages Posted By brickerking
 Posted: Nov 9, 2023 21:20
 Subject: Re: Update on November 3rd incident
 Viewed: 55 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

brickerking (1912)

Location:  Canada, Alberta
Member Since Contact Type Status
Mar 21, 2016 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Bricker King
In Administrative, CE_Uday writes:
  In Administrative, LegoKingMaster writes:
  Please add the ability for 2FA!

Thanks.

At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.

I know everyone's on a security kick right now, but 2FA is not wanted by
me, so no rush, thanks!
 Author: PlanetEarthToys View Messages Posted By PlanetEarthToys
 Posted: Nov 9, 2023 21:21
 Subject: Re: Update on November 3rd incident
 Viewed: 62 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

PlanetEarthToys (140)

Location:  USA, Arkansas
Member Since Contact Type Status
Aug 24, 2021 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Planet Earth Toys
In Administrative, brickerking writes:
  In Administrative, CE_Uday writes:
  In Administrative, LegoKingMaster writes:
  Please add the ability for 2FA!

Thanks.

At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.

I know everyone's on a security kick right now, but 2FA is not wanted by
me, so no rush, thanks!

agreed, make it optional
 Author: kreativsnail View Messages Posted By kreativsnail
 Posted: Nov 8, 2023 16:12
 Subject: Re: Update on November 3rd incident
 Viewed: 83 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

kreativsnail (3109)

Location:  USA, Pennsylvania
Member Since Contact Type Status
Jul 2, 2006 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Kreativ Store
Thank you so much for getting this back up and running, and protecting our accounts.
 Author: Reki_Lobsheek View Messages Posted By Reki_Lobsheek
 Posted: Nov 8, 2023 16:26
 Subject: Re: Update on November 3rd incident
 Viewed: 58 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Reki_Lobsheek (2472)

Location:  Belgium, Brussels
Member Since Contact Type Status Collage
Feb 12, 2004 Contact Member Buyer
Buying Privileges - OK
View Collage Pic
Thanks for "nipping this in the bud" and prioritizing the platform's
security above all!


Erik
 Author: EnchantedBricks View Messages Posted By EnchantedBricks
 Posted: Nov 8, 2023 16:33
 Subject: Re: Update on November 3rd incident
 Viewed: 69 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

EnchantedBricks (1226)

Location:  USA, Pennsylvania
Member Since Contact Type Status Collage
May 10, 2019 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store: Enchanted Bricks
Huge shoutout to the Bricklink team for working on getting the site restored!!

Glad to be back... I almost had to interact with my family!!
 Author: Nubs_Select View Messages Posted By Nubs_Select
 Posted: Nov 8, 2023 16:35
 Subject: Re: Update on November 3rd incident
 Viewed: 57 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Nubs_Select (4310)

Location:  Canada, Ontario
Member Since Contact Type Status
Mar 15, 2016 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Nub's Select
  Glad to be back... I almost had to interact with my family!!

dodged a bullet!
 Author: srawrats View Messages Posted By srawrats
 Posted: Nov 8, 2023 16:43
 Subject: Re: Update on November 3rd incident
 Viewed: 77 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

srawrats (18)

Location:  Germany, Baden-Württemberg
Member Since Contact Type Status
Jan 30, 2012 Member Does Not Allow Contact Buyer
Buying Privileges - OK
Thank you very very much for your great work! I can imagine, how hard your days
and nights were, I'm fighting also nearly every day against cyber crime etc.
coming from outside as IT specialist. Take a deep breath and be proud of yourself!
I'm glad Bricklink is back, loving this platform and was missig it so much...
Take care!!!
 Author: Bizard_Bricks View Messages Posted By Bizard_Bricks
 Posted: Nov 8, 2023 17:01
 Subject: Re: Update on November 3rd incident
 Viewed: 68 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Bizard_Bricks (434)

Location:  Canada, Quebec
Member Since Contact Type Status
Oct 29, 2020 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Bizard Bricks of Montreal
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team



Un grand merci pour votre réactivité et le travail titanesque que vous venez
de réaliser.
 Author: jmb1983 View Messages Posted By jmb1983
 Posted: Nov 8, 2023 17:04
 Subject: Re: Update on November 3rd incident
 Viewed: 115 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

jmb1983 (390)

Location:  USA, South Carolina
Member Since Contact Type Status
Jan 29, 2015 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: JBatina Bricks
In Administrative, Bizard_Bricks writes:
  In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team



Un grand merci pour votre réactivité et le travail titanesque que vous venez
de réaliser.

Just wanted to extend my thanks and praise to the entire staff at BrickLink for
their perseverance and dedication on swiftly and promptly handling this situation.
I am very glad to see the site back up and running as it’s a daily interaction
and a part of my daily life.
 Author: R0Sch View Messages Posted By R0Sch
 Posted: Nov 8, 2023 18:02
 Subject: Re: Update on November 3rd incident
 Viewed: 54 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

R0Sch (48)

Location:  Germany, Nordrhein-Westfalen
Member Since Contact Type Status
Aug 24, 2011 Contact Member Buyer
Buying Privileges - OK
Thanks for the efforts to bring back the site up and running again. It's
better not rushing things when it comes to security. Hope LEGO can introduces
2FA and longer passwords here as well so this doesn't happen again.
Cheers!
 Author: studdouble View Messages Posted By studdouble
 Posted: Nov 8, 2023 21:53
 Subject: Re: Update on November 3rd incident
 Viewed: 50 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

studdouble (60)

Location:  USA, Florida
Member Since Contact Type Status
Aug 3, 2018 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Part 3001
they should skip 2FA and implement PASSKEYS
 Author: tvattima View Messages Posted By tvattima
 Posted: Nov 8, 2023 18:17
 Subject: Re: Update on November 3rd incident
 Viewed: 52 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

tvattima (458)

Location:  USA, Pennsylvania
Member Since Contact Type Status Collage
Oct 3, 2000 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store: Vintage Collection
In Administrative, Admin_Russell writes:

Bricklink Team, as a software developer at a major financial institution, I can
empathize with this critical situation and the very long days the team must have
put in to restore the production system. I believe I speak for every Bricklink
User - Thank You!
 Author: PurpleHeartNM View Messages Posted By PurpleHeartNM
 Posted: Nov 8, 2023 18:18
 Subject: Re: Update on November 3rd incident
 Viewed: 64 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

PurpleHeartNM (133)

Location:  USA, Nevada
Member Since Contact Type Status
Mar 22, 2023 Contact Member Buyer
Buying Privileges - OK
I hope y'all get some rest after this. And I'm glad everyone was ok!
 Author: PabloVm View Messages Posted By PabloVm
 Posted: Nov 8, 2023 18:21
 Subject: Re: Update on November 3rd incident
 Viewed: 58 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

PabloVm (0)

Location:  Germany, Nordrhein-Westfalen
Member Since Contact Type Status
Apr 9, 2023 Contact Member Buyer
Buying Privileges - OK
Thanks!!!!
 Author: petozo View Messages Posted By petozo
 Posted: Nov 8, 2023 18:27
 Subject: Re: Update on November 3rd incident
 Viewed: 55 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

petozo (453)

Location:  Germany, Bayern
Member Since Contact Type Status Collage
Dec 10, 2010 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
View Collage Pic
Store: Peters Bricks
Many thanks to the team for solving the problem
Business can continue
 
 Author: KACL View Messages Posted By KACL
 Posted: Nov 8, 2023 18:33
 Subject: Re: Update on November 3rd incident
 Viewed: 63 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

KACL (45)

Location:  USA, Connecticut
Member Since Contact Type Status
May 31, 2023 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Bricking It Old School
In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.


Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team

Thank you so much for all of your hard work and dedication to the BL community.
I really appreciated being kept in the loop while this was all going on. We really
do appreciate the team.

Karen
 Author: UTLF View Messages Posted By UTLF
 Posted: Nov 8, 2023 18:39
 Subject: (Cancelled)
 Viewed: 61 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

UTLF (1282)

Location:  Canada, British Columbia
Member Since Contact Type Status
Oct 27, 2018 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: UTLF
(Cancelled)
 Author: pjf240 View Messages Posted By pjf240
 Posted: Nov 8, 2023 19:09
 Subject: Re: Update on November 3rd incident
 Viewed: 68 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

pjf240 (496)

Location:  Canada, Saskatchewan
Member Since Contact Type Status
Oct 31, 2011 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Wahzooh River Bricks
Thank you for the thorough (and relatively fast) response to this issue. Very
well handled, I would say.
 Author: User1108202302 View Messages Posted By User1108202302
 Posted: Nov 8, 2023 19:22
 Subject: (Cancelled)
 Viewed: 117 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

User1108202302 (0)

Location:  USA, Ohio
Member Since Contact Type Status
Nov 8, 2023 Contact Member Buyer
No Longer Registered
No Longer Registered
(Cancelled)
 Author: RickBrick74 View Messages Posted By RickBrick74
 Posted: Nov 8, 2023 19:45
 Subject: Re: Update on November 3rd incident
 Viewed: 48 times
 Topic: Administrative
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

RickBrick74 (1050)

Location:  USA, Texas
Member Since Contact Type Status
Mar 1, 2016 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: MEBrick LLC
Thank you!
 Author: The_Boyz_Bricks View Messages Posted By The_Boyz_Bricks
 Posted: Nov 8, 2023 19:47
 Subject: Re: Update on November 3rd incident