Developing Story - Check back as new information comes out surrounding breach specifics
UPDATE: Bricklink has indicated that they did face threats from cybercriminals, and that a small amount of customer data may have been compromised. However, they are reassuring users that this was a result of a credential stuffing scam and not a problem with the site’s security infrastructure. See their latest statement below:
“At this stage we believe this was a ‘credential stuffing’ incident, where someone obtains lists of usernames and passwords from a third party, often illegally, and opportunistically tries to use them on a website.”
A Bricklink data breach has not been officially confirmed. However, unusual downtime on the site and covert reports on Reddit indicate that the “technical difficulties” may be the result of a cyberattack. This suspicion is further reinforced due to the abnormal downtime of Bricklink’s site. The event is ongoing. .
Prior to going live in its current form in June of 2020, Bricklink was purchased by the Lego Company - increasing the data tranche and user harm potential. .
Bricklink has yet to offer an official explanation or confirmation of a breach. Their messaging is ominous on this topic:
“Bricklink is currently investigating some unusual activity, so it’s too early to speculate further. We will share more information once it’s available.”
The best source we currently have is the Bricklink users. A subset of users have reported ransomware threats sent directly to them or appearing on the Bricklink site before the abrupt shut down. Since being founded in 2019, Bricklink has amassed more than 10,000 seller stores across 70 countries - which means that the implications could reach worldwide.
Users have further stated that seller and store accounts have been hacked, and that they have received further threatening messages requesting prompt payment to avoid deletion of inventory items.
Example of email received below:
We do not have confirmation of what data was leaked, and whether there was a confirmed breach. Because of the open questions, users should approach the situation as if data they shared with the company has fallen in hackers’s hands. This could include,but is not limited to:
If you are a Bricklink user, do not click links sent via email or SMS claiming to be from the company. Verify every piece of communication with the official company, before responding or sharing any information with the sender. Should you receive a ransomware threat, do not engage with the hackers. This could lead to additional threats if they feel that the tactic is working.