|
|
| | Author: | Admin_Russell | Posted: | Nov 8, 2023 13:07 | Subject: | Update on November 3rd incident | Viewed: | 5494 times | Topic: | Administrative | |
|
|
BrickLink ID CardAdmin_Russell
|
Location: USA, California |
Member Since |
Contact |
Type |
Status |
May 9, 2017 |
|
Admin |
|
|
BrickLink Administrator |
|
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
|
|
| | | | | |
| | | | Author: | Nubs_Select | Posted: | Nov 8, 2023 13:09 | Subject: | Re: Update on November 3rd incident | Viewed: | 219 times | Topic: | Administrative | |
|
| Thank you for the update! 🍕🍕🍕 |
|
| | | | | | | | | |
| | | | | | Author: | 917679 | Posted: | Nov 8, 2023 20:44 | Subject: | Re: Update on November 3rd incident | Viewed: | 95 times | Topic: | Administrative | |
|
| In Administrative, Nubs_Select writes:
| Thank you for the update! 🍕🍕🍕
|
A couple of thoughts:
1. Prioritise adding 2FA. The community has been calling for this for years.
2. It was pretty clear from the outset that this was likely a credential stuffing
incident, both because the attackers accessed mostly low feedback accounts, and
because Bricklink had zero defenses against such an attack.
3. Bricklink overreacted. I understand that the attackers were using these accounts
to post fake listings and scam buyers, and that required a more urgent response,
but a password reset would have sufficed rather than an extended period of downtime.
4. Bricklink needs to find a balance between executing on the promotional objectives
of Lego's marketing team (MOC shop, BDP, XP etc) with the actual needs of
buyers and sellers, who mostly just want a reliable, performant, and secure marketplace
to trade genuine Lego parts.
Thanks
|
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | Khyron68 | Posted: | Nov 8, 2023 23:52 | Subject: | Re: Update on November 3rd incident | Viewed: | 77 times | Topic: | Administrative | |
|
| In Administrative, breesy writes:
| In Administrative, Nubs_Select writes:
| Thank you for the update! 🍕🍕🍕
|
A couple of thoughts:
1. Prioritise adding 2FA. The community has been calling for this for years.
2. It was pretty clear from the outset that this was likely a credential stuffing
incident, both because the attackers accessed mostly low feedback accounts, and
because Bricklink had zero defenses against such an attack.
3. Bricklink overreacted. I understand that the attackers were using these accounts
to post fake listings and scam buyers, and that required a more urgent response,
but a password reset would have sufficed rather than an extended period of downtime.
4. Bricklink needs to find a balance between executing on the promotional objectives
of Lego's marketing team (MOC shop, BDP, XP etc) with the actual needs of
buyers and sellers, who mostly just want a reliable, performant, and secure marketplace
to trade genuine Lego parts.
Thanks
|
Firstly "A couple" means 2 not 4
1. Agreed
2. You are ignoring the ransom threat.
3. YOU ARE IGNORING THE RANSOM THREAT. BL did NOT overreact. A password reset
would have solved 1 and only 1 of the issues. They clearly stated that they
shut down to investigate and should be commended, NOT chastised for it.
4. BL is a "reliable, performant and secure marketplace to trade Lego Parts."
Wish granted
|
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | lostcarpark | Posted: | Nov 9, 2023 02:54 | Subject: | Re: Update on November 3rd incident | Viewed: | 69 times | Topic: | Administrative | |
|
| In Administrative, Khyron68 writes:
| Firstly "A couple" means 2 not 4
1. Agreed
2. You are ignoring the ransom threat.
3. YOU ARE IGNORING THE RANSOM THREAT. BL did NOT overreact. A password reset
would have solved 1 and only 1 of the issues. They clearly stated that they
shut down to investigate and should be commended, NOT chastised for it.
4. BL is a "reliable, performant and secure marketplace to trade Lego Parts."
Wish granted
|
The announcement (probably wisely) does not give details of the ransom threat.
I, fairly regularly, receive ransom threats for sites I maintain. In general
they don't say anything more than "I've hacked your site. Send me
X Bitcoin or I will do something bad".
If a ransomer wants me to take their threat seriously, they need to include some
information that they couldn't know without having access to the website
internals. As I say we don't know what information the ransomer had.
As I don't run a global marketplace with millions of users, and the consequences
of a Ransomer carrying out any such threat would be much lower, I feel I can
safely ignore these threats.
I applaud Bricklink for taking quick and decisive action.
I do, however, encourage the introduction of 2FA.
|
|
|
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | Give.Me.A.Brick | Posted: | Nov 9, 2023 03:53 | Subject: | Re: Update on November 3rd incident | Viewed: | 77 times | Topic: | Administrative | |
|
| In Administrative, Khyron68 writes:
|
Firstly "A couple" means 2 not 4
|
As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:
https://dictionary.cambridge.org/dictionary/english/couple
|
|
| | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | Author: | popsicle | Posted: | Nov 9, 2023 10:30 | Subject: | Re: Update on November 3rd incident | Viewed: | 119 times | Topic: | Administrative | |
|
| In Administrative, Give.Me.A.Brick writes:
| In Administrative, Khyron68 writes:
|
Firstly "A couple" means 2 not 4
|
As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:
https://dictionary.cambridge.org/dictionary/english/couple
|
I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | Author: | TorontoLego | Posted: | Nov 9, 2023 11:26 | Subject: | Re: Update on November 3rd incident | Viewed: | 72 times | Topic: | Administrative | |
|
| I'm literally dying.
In Administrative, popsicle writes:
| In Administrative, Give.Me.A.Brick writes:
| In Administrative, Khyron68 writes:
|
Firstly "A couple" means 2 not 4
|
As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:
https://dictionary.cambridge.org/dictionary/english/couple
|
I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning
|
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | Author: | popsicle | Posted: | Nov 9, 2023 11:58 | Subject: | Re: Update on November 3rd incident | Viewed: | 77 times | Topic: | Administrative | |
|
| In Administrative, TorontoLego writes:
Not the intent - Just saying (Mitigating any potential charges to at
most 2nd degree manslaughter)
Signed: popsicle
|
In Administrative, popsicle writes:
| In Administrative, Give.Me.A.Brick writes:
| In Administrative, Khyron68 writes:
|
Firstly "A couple" means 2 not 4
|
As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:
https://dictionary.cambridge.org/dictionary/english/couple
|
I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning
|
|
|
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | Author: | Give.Me.A.Brick | Posted: | Nov 9, 2023 14:02 | Subject: | Re: Update on November 3rd incident | Viewed: | 67 times | Topic: | Administrative | |
|
| In Administrative, popsicle writes:
| In Administrative, Give.Me.A.Brick writes:
| In Administrative, Khyron68 writes:
|
Firstly "A couple" means 2 not 4
|
As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:
https://dictionary.cambridge.org/dictionary/english/couple
|
I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning
|
No no no.
In that sense, a couple is just and only 2.
My couple of cents, anyway
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | Author: | popsicle | Posted: | Nov 9, 2023 14:24 | Subject: | Re: Update on November 3rd incident | Viewed: | 75 times | Topic: | Administrative | |
|
| In Administrative, Give.Me.A.Brick writes:
| In Administrative, popsicle writes:
| In Administrative, Give.Me.A.Brick writes:
| In Administrative, Khyron68 writes:
|
Firstly "A couple" means 2 not 4
|
As a non native English speaker I've also been corrected for the use of "a
couple" referring as 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:
https://dictionary.cambridge.org/dictionary/english/couple
|
I knew a couple that began to take the “Cambridge” view of the term. Sadly
ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning
|
No no no.
In that sense, a couple is just and only 2.
My couple of cents, anyway
|
I know that you understand that. Just having some fun
The English language, of all the world's major languages, is a wonderful playground
of sorts, with its massive vocabulary and seemingly endless exceptions to
its rules.
-Cory
|
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | Author: | r0bb | Posted: | Nov 9, 2023 14:37 | Subject: | Re: Update on November 3rd incident | Viewed: | 162 times | Topic: | Administrative | |
|
| In Administrative, Give.Me.A.Brick writes:
| My couple of cents, anyway
|
Wow, I don't think you ever offered anything for a couple of cents on here!
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | Author: | A_Chicken | Posted: | Dec 17, 2023 00:37 | Subject: | Re: Update on November 3rd incident | Viewed: | 139 times | Topic: | Administrative | |
|
| *dies of cringe* |
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | | | Author: | SeaBRICKLin_213 | Posted: | Jan 2, 2024 20:15 | Subject: | Re: Update on November 3rd incident | Viewed: | 109 times | Topic: | Administrative | |
|
| In Administrative, A_Chicken writes:
For real dude. This forum may be too cringy.
|
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | | | | | | Author: | 1001bricks | Posted: | Jan 2, 2024 20:59 | Subject: | Re: Update on November 3rd incident | Viewed: | 126 times | Topic: | Administrative | |
|
| In Administrative, SeaBRICKLin_213 writes:
| In Administrative, A_Chicken writes:
For real dude. This forum may be too cringy.
|
I must say, r0bb's reply here was really hilarious
https://www.bricklink.com/message.asp?ID=1438223
|
|
| | | | | | | | | |
| | | | | | Author: | Milann | Posted: | Feb 11, 2024 18:57 | Subject: | Re: Update on November 3rd incident | Viewed: | 110 times | Topic: | Administrative | |
|
| In Administrative, Nubs_Select writes:
| Thank you for the update! 🍕🍕🍕
|
|
|
| | | | | |
| | | | Author: | TheBrickGuys | Posted: | Nov 8, 2023 13:11 | Subject: | Re: Update on November 3rd incident | Viewed: | 147 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
Thanks for working to get us back up and running quickly. It was surprising just
how much we depend on BrickLink, I felt literally lost at times without it so
thanks again.
Jim.
|
|
|
| | | | | |
| | | | Author: | Stuart9 | Posted: | Nov 8, 2023 13:16 | Subject: | Re: Update on November 3rd incident | Viewed: | 100 times | Topic: | Administrative | |
|
| Thank you everyone at BL. 👍👏🙂
In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
|
|
|
| | | | | |
| | | | Author: | Tracyd | Posted: | Nov 8, 2023 13:17 | Subject: | Re: Update on November 3rd incident | Viewed: | 105 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
Thank you and great job on stopping the issue when it became apparent and finding
out what was impacted.
|
|
|
| | | | | |
| | | | Author: | 3001Bricks | Posted: | Nov 8, 2023 13:21 | Subject: | Re: Update on November 3rd incident | Viewed: | 85 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
Thank you!
|
|
|
| | | | | |
| | | | Author: | jbricks | Posted: | Nov 8, 2023 13:23 | Subject: | Re: November 3rd incident new safety features. | Viewed: | 99 times | Topic: | Administrative | |
|
| Good to see that there are new safety protocols with the login process.
Emails if new devices login,
Emails that you want to change your password.
That is very helpful for this case,
Although it took a very long time to be back up again, (waiting always looks
like ages and ages)
We are happy to see that this is taken seriously,
Happy shopping everyone,
|
|
| | | | | |
| | | | Author: | Admin_Russell | Posted: | Nov 8, 2023 13:23 | Subject: | Re: Update on November 3rd incident | Viewed: | 320 times | Topic: | Administrative | |
|
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
Here is an FAQ with more information:
https://www.bricklink.com/help.asp?helpID=2613
|
|
|
| | | | | | | | | |
| | | | | | Author: | zorbanj | Posted: | Nov 8, 2023 13:36 | Subject: | Re: Update on November 3rd incident | Viewed: | 82 times | Topic: | Administrative | |
|
| What a relief. Never realized how dependent I had become on BL until these past
few days. The BL Team handled this exceptionally well.
May I suggest adding an entry to the FAQ about how to back up inventory? In reading
the Reddit and the BL Facebook groups for updates these past few days I was surprised
at how many sellers didn't have backups.
In Administrative, Admin_Russell writes:
|
|
| | | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | zorbanj | Posted: | Nov 9, 2023 13:30 | Subject: | Re: Update on November 3rd incident | Viewed: | 36 times | Topic: | Administrative | |
|
| Very nice, thanks for adding it!
In Administrative, CE_Uday writes:
| In Administrative, zorbanj writes:
| What a relief. Never realized how dependent I had become on BL until these past
few days. The BL Team handled this exceptionally well.
May I suggest adding an entry to the FAQ about how to back up inventory? In reading
the Reddit and the BL Facebook groups for updates these past few days I was surprised
at how many sellers didn't have backups.
|
Thank you!
There is an FAQ entry about how to back up your store inventory. We've updated
it with clearer instructions about how to download your inventory as an XML file
|
|
|
| | | | | |
| | | | Author: | macebobo | Posted: | Nov 8, 2023 13:23 | Subject: | Re: Update on November 3rd incident | Viewed: | 70 times | Topic: | Administrative | |
|
| Thank you Russell and team! |
|
| | | | | |
| | | | Author: | Zixx | Posted: | Nov 8, 2023 13:24 | Subject: | Re: Update on November 3rd incident | Viewed: | 58 times | Topic: | Administrative | |
|
| Thank you for all the behind the scenes work that many put in to the site to
get it back up and running.
Your hard work is truly appreciated!
|
|
| | | | | |
| | | | Author: | BigBBricks | Posted: | Nov 8, 2023 13:24 | Subject: | Re: Update on November 3rd incident | Viewed: | 111 times | Topic: | Administrative | |
|
| Thanks to you and the team for getting this turned back on quickly, given the
timing, it could have been much worse. And the offer to buy coffee for the team
still stands.
|
|
| | | | | | | | | |
| | | | | | Author: | BricksOfFaith | Posted: | Nov 8, 2023 13:31 | Subject: | (Cancelled) | Viewed: | 54 times | Topic: | Administrative | |
|
| (Cancelled) |
|
| | | | | |
| | | | Author: | ralphs_bricks | Posted: | Nov 8, 2023 13:31 | Subject: | Re: Update on November 3rd incident | Viewed: | 129 times | Topic: | Technical Issues | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
|
|
|
| | | | | | | | | |
| | | | | | Author: | BricksOfFaith | Posted: | Nov 8, 2023 13:32 | Subject: | Re: Update on November 3rd incident | Viewed: | 55 times | Topic: | Administrative | |
|
| In Administrative, ralphs_bricks writes:
|
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
|
I sent one without issue through Safari.
|
|
| | | | | | | | | |
| | | | | | Author: | Stellar | Posted: | Nov 8, 2023 13:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 63 times | Topic: | Administrative | |
|
| In Administrative, ralphs_bricks writes:
|
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
|
Sent one just after seeing your message and mine worked fine!
|
|
|
| | | | | | | | | |
| | | | | | Author: | ralphs_bricks | Posted: | Nov 8, 2023 13:42 | Subject: | Re: Update on November 3rd incident | Viewed: | 71 times | Topic: | Technical Issues | |
|
| In Administrative, ralphs_bricks writes:
|
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
|
I was able to do a mass drive thru for my orders but individual drive thrus are
still coming up as 403 Forbidden for me.
|
|
|
| | | | | | | | | |
| | | | | | Author: | Luxurybricks | Posted: | Nov 8, 2023 14:24 | Subject: | Re: Update on November 3rd incident | Viewed: | 82 times | Topic: | Technical Issues | |
|
| In Technical Issues, ralphs_bricks writes:
|
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
|
Same here, also when I try to change the order status
|
|
|
| | | | | | | | | |
| | | | | | Author: | BricksOfFaith | Posted: | Nov 8, 2023 16:36 | Subject: | Re: Update on November 3rd incident | Viewed: | 97 times | Topic: | Technical Issues | |
|
| In Technical Issues, ralphs_bricks writes:
|
Heads up I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
|
Been getting the same error when trying to send a quote… others with sending
invoices
|
|
| | | | | | |
| | | | Author: | MEAD_Bricks | Posted: | Nov 8, 2023 13:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 64 times | Topic: | Administrative | |
|
| Thank you! |
|
| | | | | |
| | | | Author: | WhiteHorseMatt | Posted: | Nov 8, 2023 13:35 | Subject: | Re: Update on November 3rd incident | Viewed: | 66 times | Topic: | Technical Issues | |
|
| Are there any plans to implement two-factor authentication for sign-in following
the issues?
Matt
|
|
| | | | | | |
| | | | Author: | BricksOfFaith | Posted: | Nov 8, 2023 13:35 | Subject: | Re: Update on November 3rd incident | Viewed: | 46 times | Topic: | Administrative | |
|
| Thank you guys for everything you’ve done this week!! |
|
| | | | | |
| | | | Author: | LegendaryConch | Posted: | Nov 8, 2023 13:35 | Subject: | Re: Update on November 3rd incident | Viewed: | 54 times | Topic: | Administrative | |
|
| Thank you to everyone over at the Bricklink Team! Your hard work and dedication
are greatly appreciated. 🙏
|
|
| | | | | |
| | | | Author: | PlanetEarthToys | Posted: | Nov 8, 2023 13:36 | Subject: | (Cancelled) | Viewed: | 96 times | Topic: | Administrative | |
|
| (Cancelled) |
|
| | | | | | | | | |
| | | | | | Author: | rtzx9r | Posted: | Nov 8, 2023 13:40 | Subject: | (Cancelled) | Viewed: | 106 times | Topic: | Administrative | |
|
| (Cancelled) |
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | coevorden01 | Posted: | Nov 8, 2023 13:53 | Subject: | (Cancelled) | Viewed: | 53 times | Topic: | Administrative | |
|
| In Administrative, rtzx9r writes:
thxs !!!!
|
|
| | | | | | | | | |
| | | | | | Author: | DeLuca | Posted: | Nov 8, 2023 13:52 | Subject: | (Cancelled) | Viewed: | 44 times | Topic: | Administrative | |
|
| Huh?? |
|
| | | | | |
| | | | Author: | Averip | Posted: | Nov 8, 2023 13:37 | Subject: | Re: Update on November 3rd incident | Viewed: | 51 times | Topic: | Administrative | |
|
Thank you for the update, really appreciated !
|
|
|
| | | | | |
| | | | Author: | librarian | Posted: | Nov 8, 2023 13:37 | Subject: | Re: Update on November 3rd incident | Viewed: | 44 times | Topic: | Administrative | |
|
Thanks for the update.
Chip
|
|
|
| | | | | |
| | | | Author: | Steineflut | Posted: | Nov 8, 2023 13:37 | Subject: | Re: Update on November 3rd incident | Viewed: | 84 times | Topic: | Administrative | |
|
| Thank you all for the work you've done! I think many of us just realized
how much we rely on Bricklink for information.
I have one question and one comment though.
Has price guide info been deleted of orders that have been identified as fraudulent?
I'm sure you noticed how the "mood" in Facebook and other social
media changed for the better once you started communicating with your users.
PLEASE start communicating a lot more with the community.
Thanks again 👍
|
|
| | | | | | | | | | |
| | | | | | Author: | bricknovice | Posted: | Nov 8, 2023 14:01 | Subject: | Re: Update on November 3rd incident | Viewed: | 47 times | Topic: | Administrative | |
|
| In Administrative, Steineflut writes:
| Thank you all for the work you've done! I think many of us just realized
how much we rely on Bricklink for information.
I have one question and one comment though.
Has price guide info been deleted of orders that have been identified as fraudulent?
I'm sure you noticed how the "mood" in Facebook and other social
media changed for the better once you started communicating with your users.
PLEASE start communicating a lot more with the community.
Thanks again 👍
|
Thank you to the BrickLink team for working tirelessly through the long days
and nights to flush out the bad actors and get the site back up and running as
quickly as possible. Definitely missed the site the last few days and am so glad
to have it back up.
I second the request to ensure the fraudulent transactions have been removed
from the price guide.
Thanks again!
|
|
|
| | | | | | |
| | | | Author: | Stankec1983 | Posted: | Nov 8, 2023 13:39 | Subject: | Re: Update on November 3rd incident | Viewed: | 67 times | Topic: | Administrative | |
|
| Thank you! Cheers from Croatia! |
|
| | | | | |
| | | | Author: | Tuzi | Posted: | Nov 8, 2023 13:44 | Subject: | Re: Update on November 3rd incident | Viewed: | 60 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
....
|
Thank you for your hard work! I hope two-factor authentication will be added
soon to prevent this scenario from happening again
|
|
| | | | | | |
| | | | Author: | Jaabo | Posted: | Nov 8, 2023 13:45 | Subject: | Re: Update on November 3rd incident | Viewed: | 75 times | Topic: | Administrative | |
|
| Thank you very much!
|
|
|
|
| | | | | |
| | | | Author: | WonderlandToys | Posted: | Nov 8, 2023 13:48 | Subject: | Re: Update on November 3rd incident | Viewed: | 51 times | Topic: | Administrative | |
|
| Thanks to the entire bricklink team for getting the site back up and running! |
|
| | | | | |
| | | | Author: | Rob_and_Shelagh | Posted: | Nov 8, 2023 13:49 | Subject: | Re: Update on November 3rd incident | Viewed: | 59 times | Topic: | Administrative | |
|
| Dear Bricklink team,
Thanks to all who worked hard to restore the site and continue to support our
activities here, we really appreciate it!
Best regards,
Robert & Shelagh
Yellow Farm Bricks
|
|
| | | | | |
| | | | Author: | Familybuild | Posted: | Nov 8, 2023 13:51 | Subject: | Re: Update on November 3rd incident | Viewed: | 43 times | Topic: | Administrative | |
|
| Thank you for all the hard work.
And long hours needed to confront this head on.
great job you all.
|
|
| | | | | |
| | | | Author: | MAGICBRICKS | Posted: | Nov 8, 2023 13:51 | Subject: | Re: Update on November 3rd incident | Viewed: | 49 times | Topic: | Administrative | |
|
| So many thanks for your great work, safety eyes 👀 and I think we're all very
happy to have back this fantastic platform. And now…..SHOOOOOOOPPING 🤑🤑🤑
Sascha / MAGICBRICKS
|
|
| | | | | |
| | | | Author: | BubbaVonBraun | Posted: | Nov 8, 2023 13:51 | Subject: | Re: Update on November 3rd incident | Viewed: | 49 times | Topic: | Administrative | |
|
| Folks,
Kudos on handling this so well. As an IT professional I have worked a number
of these incidents.
Security incidents will happen, it's how the company responds to it that is vital
to protecting trust. Apart from the lack of communication initially, once you
took the wise step to go offline, your coms have been reasonable and I am sure
as a community we got the whole this is going to take some time.
Trust is such a uniquely human concept but how do we "prove" a system
can be trusted. It's a huge amount of work and you have done so well as a user
I am grateful for your hard work and the communication you provided as the incident
progressed.
You all deserve our thanks.
Best Regards
BvB.
|
|
| | | | | | |
| | | | Author: | Give.Me.A.Brick | Posted: | Nov 8, 2023 13:52 | Subject: | Re: Update on November 3rd incident | Viewed: | 73 times | Topic: | Administrative | |
|
| A huge THANK YOU Russell and everyone on the BrickLink Team!
We are very grateful for all the hard work and sleepless nights you all have
put to safely reopen this much missed site
All the best to Bricklink!
|
|
| | | | | |
| | | | Author: | DeLuca | Posted: | Nov 8, 2023 13:54 | Subject: | Re: Update on November 3rd incident | Viewed: | 56 times | Topic: | Administrative | |
|
| Thank you!! I was beginning to go into withdrawals over the lack of access to
the Catalog! 😬
|
|
| | | | | |
| | | | Author: | jodawill | Posted: | Nov 8, 2023 14:01 | Subject: | Re: Update on November 3rd incident | Viewed: | 50 times | Topic: | Administrative | |
|
Thank you for doing your due diligence. I'm grateful you decided to take
the site offline so you could do a proper incident response.
Is there any chance we could get TOTP 2FA and longer passwords?
|
|
|
| | | | | | |
| | | | Author: | calebfishn | Posted: | Nov 8, 2023 14:01 | Subject: | Re: Update on November 3rd incident | Viewed: | 48 times | Topic: | Administrative | |
|
| Life support systems re-activated.
Thanks.
|
|
| | | | | |
| | | | Author: | BrickSteinBe | Posted: | Nov 8, 2023 14:03 | Subject: | Re: Update on November 3rd incident | Viewed: | 43 times | Topic: | Administrative | |
|
Thanks! Time for some well-deserved sleep for you
|
|
|
| | | | | | | | | | |
| | | | | | Author: | Nubs_Select | Posted: | Nov 8, 2023 14:10 | Subject: | Re: Update on November 3rd incident | Viewed: | 76 times | Topic: | Administrative | |
|
| |
|
| | | | | | | | | |
| | | | | | Author: | macebobo | Posted: | Nov 8, 2023 16:27 | Subject: | Re: Update on November 3rd incident | Viewed: | 81 times | Topic: | Administrative | |
|
| In Administrative, SylvainLS writes:
I was feeling the same way! I think I am addicted to love, er, Bricklink.
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | SylvainLS | Posted: | Nov 8, 2023 16:40 | Subject: | Re: Update on November 3rd incident | Viewed: | 70 times | Topic: | Administrative | |
|
| In Administrative, macebobo writes:
| In Administrative, SylvainLS writes:
I was feeling the same way! I think I am addicted to love, er, Bricklink.
|
And chocolate?
I need a 5th image: the site is back online!
|
|
| | | | | |
| | | | Author: | pineBRICKS | Posted: | Nov 8, 2023 14:04 | Subject: | Re: Update on November 3rd incident | Viewed: | 36 times | Topic: | Administrative | |
|
| Thank you Bricklink team for all your efforts! |
|
| | | | | |
| | | | Author: | Thoi4125 | Posted: | Nov 8, 2023 14:04 | Subject: | Re: Update on November 3rd incident | Viewed: | 47 times | Topic: | Administrative | |
|
| Thank you for being so transparent and proactive!
In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Many thanks,
Your BrickLink Team
|
|
|
| | | | | |
| | | | Author: | CE_Tanja | Posted: | Nov 8, 2023 14:05 | Subject: | Re: Update on November 3rd incident | Viewed: | 125 times | Topic: | Administrative | |
|
|
BrickLink ID CardCE_Tanja
|
Location: USA, California |
Member Since |
Contact |
Type |
Status |
Feb 17, 2021 |
|
Admin |
|
|
BrickLink Administrator |
|
| Thank you for all your kind thoughts!
For good reason we are currently experiencing a very high load on our systems
due to seller activity.
We understand that everyone is keen to get everything back in order so we have
temporarily paused the cart algorithm for the MOC Pop-up store to increase capacity.
|
|
|
|
| | | | | |
| | | | Author: | oaktree | Posted: | Nov 8, 2023 14:05 | Subject: | Re: Update on November 3rd incident | Viewed: | 73 times | Topic: | Administrative | |
|
| Many thanks to everyone at BrickLink for all the hard work of getting everything
back up and running for us!
|
|
|
|
| | | | | |
| | | | Author: | jonwil | Posted: | Nov 8, 2023 14:07 | Subject: | Re: Update on November 3rd incident | Viewed: | 48 times | Topic: | Administrative | |
|
| It would be really good if the site could implement (optional) support for some
form of 2-factor authentication (such as TOTP through an authenticator app or
maybe even hardware key support). Done correctly 2FA makes credential stuffing
and other similar hacks impossible.
|
|
| | | | | | |
| | | | Author: | CanadaFirst | Posted: | Nov 8, 2023 14:08 | Subject: | Re: Update on November 3rd incident | Viewed: | 64 times | Topic: | Administrative | |
|
| Thank you for the hard work your team put in, it's really appreciated! |
|
| | | | | |
| | | | Author: | CE_Tanja | Posted: | Nov 8, 2023 14:08 | Subject: | Re: Update on November 3rd incident | Viewed: | 129 times | Topic: | Administrative | |
|
|
BrickLink ID Card: CE_Tanja | Location: USA, California | Member Since: Feb 17, 2021 | Type: Admin | BrickLink Administrator |
|
| We are seeing a high number of Helpdesk tickets related to entering the site
due to added security measures. We will be looking into these, just giving everyone
impacted a heads up since we are not able to answer them all right away.
|
|
|
|
| | | | | |
| | | | Author: | cosmicray | Posted: | Nov 8, 2023 14:12 | Subject: | Re: Update on November 3rd incident | Viewed: | 56 times | Topic: | Administrative | |
|
| Thank you to the entire team, for all the hard work and long hours !
Nita Rae
|
|
|
| | | | | |
| | | | Author: | Michaeld1983 | Posted: | Nov 8, 2023 14:13 | Subject: | Re: Update on November 3rd incident | Viewed: | 74 times | Topic: | Administrative | |
|
| Thanks team for getting everything back up. You have handled this situation with
care and speed. I appreciate your efforts and fortunately my store (and inventory)
remain intact. Cheers Mike
|
|
| | | | | |
| | | | Author: | Delsyn | Posted: | Nov 8, 2023 14:15 | Subject: | Re: Update on November 3rd incident | Viewed: | 59 times | Topic: | Administrative | |
|
| Way to go team! We appreciate you! |
|
| | | | | |
| | | | Author: | BrickDeals | Posted: | Nov 8, 2023 14:21 | Subject: | Re: Update on November 3rd incident | Viewed: | 88 times | Topic: | Administrative | |
|
| Why weren't all stores set to closed status until passwords were changed?
Makes it hard to tell which stores are active and which are not.
|
|
|
| | | | | | | | | | | | | | |
| | | | | | | | Author: | StreamyBrick | Posted: | Nov 10, 2023 03:02 | Subject: | Re: Update on November 3rd incident | Viewed: | 41 times | Topic: | Administrative | |
|
| In Administrative, CE_Uday writes:
| In Administrative, BrickDeals writes:
| Why weren't all stores set to closed status until passwords were changed?
Makes it hard to tell which stores are active and which are not.
|
We had not planned to close all seller stores. However, due to a delay in providing
access to accounts, we decided to close the remaining stores waiting for admin
help last night.
|
why do i keep getting this update your password message ?? already did that
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | StreamyBrick | Posted: | Nov 10, 2023 03:03 | Subject: | Re: Update on November 3rd incident | Viewed: | 67 times | Topic: | Administrative | |
|
| In Administrative, kdwykleingeld writes:
| In Administrative, CE_Uday writes:
| In Administrative, BrickDeals writes:
| Why weren't all stores set to closed status until passwords were changed?
Makes it hard to tell which stores are active and which are not.
|
We had not planned to close all seller stores. However, due to a delay in providing
access to accounts, we decided to close the remaining stores waiting for admin
help last night.
|
why do i keep getting this update your password message ?? already did that
|
we can assume that everyone who can access bl again has changed its password
since that was required.. so no need for that message
|
|
| | | | | |
| | | | Author: | skazy | Posted: | Nov 8, 2023 14:25 | Subject: | Re: Update on November 3rd incident | Viewed: | 94 times | Topic: | Administrative | |
|
| Thank you for the BL team's big effort these last days! Good job.
|
|
|
|
| | | | | |
| | | | Author: | larvalrin | Posted: | Nov 8, 2023 14:29 | Subject: | Re: Update on November 3rd incident | Viewed: | 86 times | Topic: | Administrative | |
|
| I can't believe how much I missed bricklink I can finally start my
little project!
|
|
|
| | | | | |
| | | | Author: | Luxurybricks | Posted: | Nov 8, 2023 14:32 | Subject: | Re: Update on November 3rd incident | Viewed: | 118 times | Topic: | Administrative | |
|
| Many thanks to the BL-Team for the much effort.
Is it possible for the IT-team to add the ip-address to the E-Mail login notice?
|
|
|
| | | | | | |
| | | | Author: | wahiggin | Posted: | Nov 8, 2023 14:51 | Subject: | Re: Update on November 3rd incident | Viewed: | 69 times | Topic: | Administrative | |
|
| Thank you for the steps taken to get our beloved site back up and working again. |
|
| | | | | |
| | | | Author: | MYLEGOBRICKS | Posted: | Nov 8, 2023 14:54 | Subject: | Re: Update on November 3rd incident | Viewed: | 79 times | Topic: | Administrative | |
|
| MANY THANKS FOR GETTING US BACK UP AND RUNNING.
GIVE YOURSELVES A WELL-DESERVED PAT ON THE BACK .....
|
|
| | | | | |
| | | | Author: | Harrisok12 | Posted: | Nov 8, 2023 15:03 | Subject: | Re: Update on November 3rd incident | Viewed: | 74 times | Topic: | Administrative | |
|
| Thanks for all your hard work. Great to see the site up again |
|
| | | | | |
| | | | Author: | KyleKatarn98 | Posted: | Nov 8, 2023 15:10 | Subject: | Re: Update on November 3rd incident | Viewed: | 62 times | Topic: | Administrative | |
|
| Great thanks for unlocking our favourite site!
|
|
|
|
| | | | | |
| | | | Author: | Debstarcrazy | Posted: | Nov 8, 2023 15:16 | Subject: | Re: Update on November 3rd incident | Viewed: | 51 times | Topic: | Administrative | |
|
| So good to be back! Huge thanks and well done to all the team for getting us
back up and running again. Job well done. Go and get some sleep now people!
|
|
|
| | | | | |
| | | | Author: | Boy_Anachronism | Posted: | Nov 8, 2023 15:19 | Subject: | Re: Update on November 3rd incident | Viewed: | 68 times | Topic: | Administrative | |
|
| Thank you for all your work, it is very much appreciated! |
|
| | | | | |
| | | | Author: | welo999 | Posted: | Nov 8, 2023 15:21 | Subject: | Re: Update on November 3rd incident | Viewed: | 72 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
| Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
|
Thanks for taking care, even if it took a few days. Better safe than sorry!
|
|
| | | | | |
| | | | Author: | marjansmit | Posted: | Nov 8, 2023 15:30 | Subject: | Re: Update on November 3rd incident | Viewed: | 41 times | Topic: | Administrative | |
|
| Thanks Team. You realise what you appreciate at the moment you do not have it
anymore. Keep up the good work!
MSB-Bricks
|
|
|
| | | | | |
| | | | Author: | steinzeugs | Posted: | Nov 8, 2023 15:31 | Subject: | Re: Update on November 3rd incident | Viewed: | 55 times | Topic: | Administrative | |
|
| Good to see you back. A big THANK YOU for the quick fix!
|
|
|
| | | | | |
| | | | Author: | RutiFruti | Posted: | Nov 8, 2023 15:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 56 times | Topic: | Administrative | |
|
| Great to be back!! Many, many thanks Bricklink team for your work these days
and for keeping us posted!!
|
|
|
|
| | | | | |
| | | | Author: | tec | Posted: | Nov 8, 2023 15:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 92 times | Topic: | Administrative | |
|
| These have been 5 intense days I imagine
But in the end you did it.
Go admins!
keep up the good work
|
|
| | | | | |
| | | | Author: | Lebostein | Posted: | Nov 8, 2023 15:47 | Subject: | Why password with 15 digits only? | Viewed: | 151 times | Topic: | Administrative | |
|
| 15 digits are a joke with regard to modern security recommendations |
|
| | | | | | | | | |
| | | | | | Author: | 1001bricks | Posted: | Nov 8, 2023 21:15 | Subject: | Re: Why password with 15 digits only? | Viewed: | 140 times | Topic: | Administrative | |
|
| In Administrative, Lebostein writes:
| 15 digits are a joke with regard to modern security recommendations
|
I don't think 15 digits are a joke.
(Partially got from the web...)
26 lowercase + 26 uppercase + 10 digits + around 10 special chars = 72 possible
chars
15 char pass = 72 ^15 = 7,244,150,201,408,990,671,659,859,968 possible passwords
If BL accepts around 200,000 attempts to login per second from the same client
(LOL), it'll take 229,710,495,985,825,427,183 years.
Of course that implies you don't use "TheBestPassword" (like me)
- but then almost whatever length won't change much when facing a dictionary
attack.
In short, I think 15 digits is already VERY fine - please be happy!
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | 917679 | Posted: | Nov 8, 2023 21:21 | Subject: | Re: Why password with 15 digits only? | Viewed: | 76 times | Topic: | Administrative | |
|
| In Administrative, 1001bricks writes:
| In Administrative, Lebostein writes:
| 15 digits are a joke with regard to modern security recommendations
|
I don't think 15 digits are a joke.
(Partially got from the web...)
26 lowercase + 26 uppercase + 10 digits + around 10 special chars = 72 possible
chars
15 char pass = 72 ^15 = 7,244,150,201,408,990,671,659,859,968 possible passwords
If BL accepts around 200,000 attempts to login per second from the same client
(LOL), it'll take 229,710,495,985,825,427,183 years.
Of course that implies you don't use "TheBestPassword" (like me)
- but then almost whatever length won't change much when facing a dictionary
attack.
In short, I think 15 digits is already VERY fine - please be happy!
|
You're right, but password length restrictions do make me concerned about
WHY there is a length limitation.
If you're following best practices, you're storing salted password hashes,
in which case, there's no good reason to impose a length limitation (within
reason).
|
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | 1001bricks | Posted: | Nov 8, 2023 21:39 | Subject: | Re: Why password with 15 digits only? | Viewed: | 97 times | Topic: | Administrative | |
|
| | | I don't think 15 digits are a joke.
(Partially got from the web...)
26 lowercase + 26 uppercase + 10 digits + around 10 special chars = 72 possible
chars
15 char pass = 72 ^15 = 7,244,150,201,408,990,671,659,859,968 possible passwords
If BL accepts around 200,000 attempts to login per second from the same client
(LOL), it'll take 229,710,495,985,825,427,183 years.
Of course that implies you don't use "TheBestPassword" (like me)
- but then almost whatever length won't change much when facing a dictionary
attack.
In short, I think 15 digits is already VERY fine - please be happy!
|
You're right, but password length restrictions do make me concerned about
WHY there is a length limitation.
If you're following best practices, you're storing salted password hashes,
in which case, there's no good reason to impose a length limitation (within
reason).
|
Because of collisions in hashing, a short password can collide with a megabyte one,
so longer does NOT mean it's safer.
And of course, hoping passwords aren't saved in 'plain text'... But
that's another question I won't discuss.
IMHO, as BrickLink has an old (and proud!) history of development, I guess there
are tens of tests on this maximum value a bit everywhere, and it's a completely
separate (and non-urgent) task to find EVERY place where it's implemented
(and in various languages)...
|
|
|
| | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | Author: | 917679 | Posted: | Nov 8, 2023 21:57 | Subject: | Re: Why password with 15 digits only? | Viewed: | 79 times | Topic: | Administrative | |
|
| Agree that random passwords above a certain length aren't more
secure, but allowing passwords with unconstrained length does suggest that they
are storing them securely (by hashing them), rather than storing them plain/encoded/encrypted.
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | macebobo | Posted: | Nov 9, 2023 11:37 | Subject: | Re: Why password with 15 digits only? | Viewed: | 73 times | Topic: | Administrative | |
|
| In Administrative, breesy writes:
| You're right, but password length restrictions do make me concerned about
WHY there is a length limitation.
|
Indeed.
| If you're following best practices, you're storing salted password hashes,
in which case, there's no good reason to impose a length limitation (within
reason).
|
What I infer from the limitation, is that Bricklink MAY not be following best
practices here. And lord forbid that they are raw or "encrypted" in the
db. **Shudders**
https://xkcd.com/936/
|
|
|
| | | | | | | | | | | | | | |
| | | | | | | | Author: | sandman | Posted: | Nov 9, 2023 16:38 | Subject: | Re: Why password with 15 digits only? | Viewed: | 104 times | Topic: | Technical Issues | |
|
| In Administrative, CE_Uday writes:
| In Administrative, Lebostein writes:
| 15 digits are a joke with regard to modern security recommendations
|
The 15-character limit is an existing limitation on BrickLink passwords and has
not changed. However, we will continue to increase security on our platform and
will communicate about any new security features as they become available.
|
It seems like you can use more than 15 characters using the "Reset password"
function, which in turn breaks BrickStore that only accepts 15 characters (users
were confused in the past, so I added the same character limitation in BrickStore)
This would also make it impossible to later change the password on BL's account
info page...
See: https://github.com/rgriebl/brickstore/issues/787
Thanks for looking into this!
Robert
|
|
|
| | | | | | | | | |
| | | | | | Author: | godprobe | Posted: | Nov 12, 2023 22:44 | Subject: | Re: Why password with 15 digits only? | Viewed: | 54 times | Topic: | Administrative | |
|
| Especially after BrickLink had a security incident requiring everyone update
their passwords, I was definitely surprised to see this 15-char limitation.
It also tripped me up while changing my password on my PC (and using a password
manager). I noticed the number of asterisked characters didn't increase,
but thought that was a neat bit of password-length obfuscation.
Until I then tried logging in on another device, using the password I had saved
in my password manager. I couldn't log in.
Not because I had typed my password in incorrectly, but because BrickLink had
silently truncated my password. Also, if I recall correctly, the 15-character
limit is *not mentioned* when creating or updating your password. If it had
been, I'd still be disappointed, but at least I'd have a heads-up before
running into confusion.
The way I actually discovered the password was truncated was only because I elected
to have the browser store the password as I changed it and re-logged into BrickLink.
I was able to view the "right" password from there and get logged in
on my other device.
At the very least, pull up an error message when a person tries to input a longer
password. But ideally, yes, allow longer passwords. 256-char would be good for
a start.
(Thank you for the site -- this is my first time writing on the forum, and
I really do appreciate the existence of this place! Thank you for taking security
seriously and having the site down for as long as it took after the recent incident!)
|
|
|
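The points raised in the posts above (salted hashes make a length cap unnecessary, a silently truncated password fails on another device, and the reset page and account page disagree on the limit) can be shown side by side. This is an added example, not part of any post and not BrickLink's code: how the site stores passwords is not stated in the thread, so both halves use the same PBKDF2 hash and differ only in length handling, and all function names, `MAX_LENGTH` and `ITERATIONS` are assumptions.

```python
import hashlib
import hmac
import os

LEGACY_LIMIT = 15     # the limit discussed in the thread
MAX_LENGTH = 256      # "within reason" cap; 256 is the figure suggested above
ITERATIONS = 600_000  # PBKDF2 work factor, an assumed value for this sketch


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash. The output is 32 bytes whatever the input length."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Behaviour the posters describe: one path truncates, another does not.
def legacy_change_password(password: str) -> dict:
    salt = os.urandom(16)
    kept = password[:LEGACY_LIMIT]  # silent truncation, no error shown
    return {"salt": salt, "hash": derive(kept, salt)}


def legacy_login(record: dict, password: str) -> bool:
    # Compares the full input, so the password the user saved no longer matches.
    return hmac.compare_digest(record["hash"], derive(password, record["salt"]))


# Hardened: one validator shared by every path; reject, never truncate.
class PasswordPolicyError(ValueError):
    pass


def validate(password: str) -> str:
    if len(password) > MAX_LENGTH:
        raise PasswordPolicyError(
            f"Password is {len(password)} characters; the maximum is {MAX_LENGTH}."
        )
    return password


def set_password(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": derive(validate(password), salt)}


def verify(record: dict, password: str) -> bool:
    try:
        candidate = derive(validate(password), record["salt"])
    except PasswordPolicyError:
        return False  # over-long input can never match a stored password
    return hmac.compare_digest(record["hash"], candidate)


if __name__ == "__main__":
    saved = "correct horse battery staple 2023!"  # constructed sample password
    old = legacy_change_password(saved)
    print("legacy, saved password logs in:", legacy_login(old, saved))
    print("legacy, first 15 chars log in: ", legacy_login(old, saved[:LEGACY_LIMIT]))
    new = set_password(saved)
    print("hardened, saved password logs in:", verify(new, saved))
    print("stored hash bytes:", len(new["hash"]))
```

Because `validate` is the only place the limit lives, the change, reset and login paths cannot drift apart, and the stored record stays the same size for any accepted length.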
| | | | | | | | | | | | | |
| | | | | | | | Author: | CE_Uday | Posted: | Nov 13, 2023 11:22 | Subject: | Re: Why password with 15 digits only? | Viewed: | 54 times | Topic: | Administrative | |
|
|
BrickLink ID Card: CE_Uday | Location: USA, California | Member Since: Apr 4, 2023 | Type: Admin | BrickLink Administrator
|
| In Administrative, godprobe writes:
| Especially after BrickLink had a security incident requiring everyone update
their passwords, I was definitely surprised to see this 15-char limitation.
It also tripped me up while changing my password on my PC (and using a password
manager). I noticed the number of asterisked characters didn't increase,
but thought that was a neat bit of password-length obfuscation.
Until I then tried logging in on another device, using the password I had saved
in my password manager. I couldn't log in.
Not because I had typed my password in incorrectly, but because BrickLink had
silently truncated my password. Also, if I recall correctly, the 15-character
limit is *not mentioned* when creating or updating your password. If it had
been, I'd still be disappointed, but at least I'd have a heads-up before
running into confusion.
The way I actually discovered the password was truncated was only because I elected
to have the browser store the password as I changed it and re-logged into BrickLink.
I was able to view the "right" password from there and get logged in
on my other device.
At the very least, pull up an error message when a person tries to input a longer
password. But ideally, yes, allow longer passwords. 256-char would be good for
a start.
(Thank you for the site -- this is my first time writing on the forum, and
I really do appreciate the existence of this place! Thank you for taking security
seriously and having the site down for as long as it took after the recent incident!)
|
Thank you for your feedback. The 15-character limit is mentioned on the password
reset page, but it is not displayed when you change your password on the "Account
Info" page.
|
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | Emptyhead1 | Posted: | Nov 13, 2023 14:46 | Subject: | Re: Why password with 15 digits only? | Viewed: | 35 times | Topic: | Administrative | |
|
| I was wondering this as well because it doesn't allow for very secure passwords. |
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | 1001bricks | Posted: | Nov 13, 2023 15:17 | Subject: | Re: Why password with 15 digits only? | Viewed: | 42 times | Topic: | Administrative | |
|
| In Administrative, thekillerrabbit writes:
| I was wondering this as well because it doesn't allow for very secure passwords.
|
Interesting to get advice on a 3-day-old account...
Not very secure? Please read:
https://www.bricklink.com/message.asp?ID=1437985
|
|
| | | | | |
| | | | Author: | McBricks | Posted: | Nov 8, 2023 15:51 | Subject: | Re: Update on November 3rd incident | Viewed: | 66 times | Topic: | Administrative | |
|
| Thanks Admin for your hard work and dedication! Greatly appreciated!!
|
|
|
| | | | | |
| | | | Author: | chriselliottart | Posted: | Nov 8, 2023 15:52 | Subject: | Re: Update on November 3rd incident | Viewed: | 84 times | Topic: | Administrative | |
|
| Thank you for all your hard work to ensure the site's safety and continuity.
These things happen and I hope the team is getting some well-deserved rest soon!
|
|
|
| | | | | |
| | | | Author: | v100Bricks | Posted: | Nov 8, 2023 16:05 | Subject: | Re: Update on November 3rd incident | Viewed: | 58 times | Topic: | Administrative | |
|
| Very full and informative response. Nothing wrong with an abundance of caution
so well done all concerned.
|
|
| | | | | |
| | | | Author: | LegoKingMaster | Posted: | Nov 8, 2023 16:12 | Subject: | Re: Update on November 3rd incident | Viewed: | 55 times | Topic: | Administrative | |
|
| Please add the ability for 2FA!
Thanks.
|
|
| | | | | | | | | | | | | | |
| | | | | | | | Author: | brickerking | Posted: | Nov 9, 2023 21:20 | Subject: | Re: Update on November 3rd incident | Viewed: | 55 times | Topic: | Administrative | |
|
| In Administrative, CE_Uday writes:
| In Administrative, LegoKingMaster writes:
| Please add the ability for 2FA!
Thanks.
|
At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
|
I know everyone's on a security kick right now, but 2FA is not wanted by
me, so no rush, thanks!
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | PlanetEarthToys | Posted: | Nov 9, 2023 21:21 | Subject: | Re: Update on November 3rd incident | Viewed: | 62 times | Topic: | Administrative | |
|
| In Administrative, brickerking writes:
| In Administrative, CE_Uday writes:
| In Administrative, LegoKingMaster writes:
| Please add the ability for 2FA!
Thanks.
|
At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
|
I know everyone's on a security kick right now, but 2FA is not wanted by
me, so no rush, thanks!
|
agreed, make it optional
|
|
| | | | | |
| | | | Author: | kreativsnail | Posted: | Nov 8, 2023 16:12 | Subject: | Re: Update on November 3rd incident | Viewed: | 83 times | Topic: | Administrative | |
|
| Thank you so much for getting this back up and running, and protecting our accounts. |
|
| | | | | |
| | | | Author: | Reki_Lobsheek | Posted: | Nov 8, 2023 16:26 | Subject: | Re: Update on November 3rd incident | Viewed: | 58 times | Topic: | Administrative | |
|
| Thanks for "nipping this in the bud" and prioritizing the platform's
security above all!
Erik
|
|
| | | | | |
| | | | Author: | EnchantedBricks | Posted: | Nov 8, 2023 16:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 69 times | Topic: | Administrative | |
|
| Huge shoutout to the Bricklink team for working on getting the site restored!!
Glad to be back... I almost had to interact with my family!!
|
|
| | | | | | | | | |
| | | | | | Author: | Nubs_Select | Posted: | Nov 8, 2023 16:35 | Subject: | Re: Update on November 3rd incident | Viewed: | 57 times | Topic: | Administrative | |
|
| | Glad to be back... I almost had to interact with my family!!
|
dodged a bullet!
|
|
| | | | | |
| | | | Author: | srawrats | Posted: | Nov 8, 2023 16:43 | Subject: | Re: Update on November 3rd incident | Viewed: | 77 times | Topic: | Administrative | |
|
| Thank you very very much for your great work! I can imagine, how hard your days
and nights were, I'm fighting also nearly every day against cyber crime etc.
coming from outside as IT specialist. Take a deep breath and be proud of yourself!
I'm glad Bricklink is back, loving this platform and was missing it so much...
Take care!!!
|
|
| | | | | |
| | | | Author: | Bizard_Bricks | Posted: | Nov 8, 2023 17:01 | Subject: | Re: Update on November 3rd incident | Viewed: | 68 times | Topic: | Administrative | |
|
A big thank you for your responsiveness and the titanic work you have just
accomplished.
|
|
|
| | | | | | | | | |
| | | | | | Author: | jmb1983 | Posted: | Nov 8, 2023 17:04 | Subject: | Re: Update on November 3rd incident | Viewed: | 115 times | Topic: | Administrative | |
|
| In Administrative, Bizard_Bricks writes:
A big thank you for your responsiveness and the titanic work you have just
accomplished.
|
Just wanted to extend my thanks and praise to the entire staff at BrickLink for
their perseverance and dedication on swiftly and promptly handling this situation.
I am very glad to see the site back up and running as it’s a daily interaction
and a part of my daily life.
|
|
|
| | | | | |
| | | | Author: | R0Sch | Posted: | Nov 8, 2023 18:02 | Subject: | Re: Update on November 3rd incident | Viewed: | 54 times | Topic: | Administrative | |
|
| Thanks for the efforts to bring the site back up and running again. It's
better not to rush things when it comes to security. Hope LEGO can introduce
2FA and longer passwords here as well so this doesn't happen again.
Cheers!
|
|
| | | | | | | | | |
| | | | | | Author: | studdouble | Posted: | Nov 8, 2023 21:53 | Subject: | Re: Update on November 3rd incident | Viewed: | 50 times | Topic: | Administrative | |
|
| they should skip 2FA and implement PASSKEYS |
|
| | | | | |
| | | | Author: | tvattima | Posted: | Nov 8, 2023 18:17 | Subject: | Re: Update on November 3rd incident | Viewed: | 52 times | Topic: | Administrative | |
|
| In Administrative, Admin_Russell writes:
Bricklink Team, as a software developer at a major financial institution, I can
empathize with this critical situation and the very long days the team must have
put in to restore the production system. I believe I speak for every Bricklink
User - Thank You!
|
|
| | | | | |
| | | | Author: | PurpleHeartNM | Posted: | Nov 8, 2023 18:18 | Subject: | Re: Update on November 3rd incident | Viewed: | 64 times | Topic: | Administrative | |
|
| I hope y'all get some rest after this. And I'm glad everyone was ok! |
|
| | | | | |
| | | | Author: | PabloVm | Posted: | Nov 8, 2023 18:21 | Subject: | Re: Update on November 3rd incident | Viewed: | 58 times | Topic: | Administrative | |
|
| Thanks!!!! |
|
| | | | | |
| | | | Author: | petozo | Posted: | Nov 8, 2023 18:27 | Subject: | Re: Update on November 3rd incident | Viewed: | 55 times | Topic: | Administrative | |
|
| Many thanks to the team for solving the problem
Business can continue
|
|
|
| | | | | |
| | | | Author: | KACL | Posted: | Nov 8, 2023 18:33 | Subject: | Re: Update on November 3rd incident | Viewed: | 63 times | Topic: | Administrative | |
|
Thank you so much for all of your hard work and dedication to the BL community.
I really appreciated being kept in the loop while this was all going on. We really
do appreciate the team.
Karen
|
|
|
| | | | | |
| | | | Author: | UTLF | Posted: | Nov 8, 2023 18:39 | Subject: | (Cancelled) | Viewed: | 61 times | Topic: | Administrative | |
|
| (Cancelled) |
|
| | | | | |
| | | | Author: | pjf240 | Posted: | Nov 8, 2023 19:09 | Subject: | Re: Update on November 3rd incident | Viewed: | 68 times | Topic: | Administrative | |
|
| Thank you for the thorough (and relatively fast) response to this issue. Very
well handled, I would say.
|
|
| | | | | |
| | | | Author: | User1108202302 | Posted: | Nov 8, 2023 19:22 | Subject: | (Cancelled) | Viewed: | 117 times | Topic: | Administrative | |
|
| (Cancelled) |
|
| | | | | |
| | | | Author: | RickBrick74 | Posted: | Nov 8, 2023 19:45 | Subject: | Re: Update on November 3rd incident | Viewed: | 48 times | Topic: | Administrative | |
|
| Thank you! |
|
| | | | | |
| | | | Author: | The_Boyz_Bricks | Posted: | Nov 8, 2023 19:47 | Subject: | Re: Update on November 3rd incident |
|
|
|
|
|