Data Breaches

Bricklink Data Breach? Incident Overview, Potential Impact, and Protective Measures

November 9, 2023
3 min

Developing Story - Check back as new information comes out surrounding breach specifics

UPDATE: Bricklink has indicated that they did face threats from cybercriminals, and that a small amount of customer data may have been compromised. However, they are reassuring users that this was a result of a credential stuffing scam and not a problem with the site’s security infrastructure. See their latest statement below:

At this stage we believe this was a ‘credential stuffing’ incident, where someone obtains lists of usernames and passwords from a third party, often illegally, and opportunistically tries to use them on a website.”

Details of the possible Bricklink incident

A Bricklink data breach has not been officially confirmed. However, unusual downtime on the site and covert reports on Reddit indicate that the “technical difficulties” may be the result of a cyberattack. This suspicion is further reinforced due to the abnormal downtime of Bricklink’s site. The event is ongoing.  .

Prior to going live in its current form in June of 2020, Bricklink was purchased by the Lego Company - increasing the data tranche and user harm potential.  .

Bricklink has yet to offer an official explanation or confirmation of a breach. Their messaging is ominous on this topic:

“Bricklink is currently investigating some unusual activity, so it’s too early to speculate further. We will share more information once it’s available.”

Impact a Bricklink Data Breach could have on users 

The best source we currently have is the Bricklink users. A subset of users have reported ransomware threats sent directly to them or appearing on the Bricklink site before the abrupt shut down. Since being founded in 2019, Bricklink has amassed more than 10,000 seller stores across 70 countries - which means that the implications could reach worldwide.

Users have further stated that seller and store accounts have been hacked, and that they have received further threatening messages requesting prompt payment to avoid deletion of inventory items.

Example of email received below:

Was personal data leaked?

We do not have confirmation of what data was leaked, and whether there was a confirmed breach. Because of the open questions, users should approach the situation as if data they shared with the company has fallen in hackers’s hands. This could include,but is not limited to:

  • Store Access
  • Full names
  • Contact info [PII]
  • Inventory
  • Store activity
  • Potential financial information

What to do if you were impacted

If you are a Bricklink user, do not click links sent via email or SMS claiming to be from the company. Verify every piece of communication with the official company, before responding or sharing any information with the sender. Should you receive a ransomware threat,  do not engage with the hackers. This could lead to additional threats if they feel that the tactic is working.

Cloaked can help you take back control of your data through unique identity creation for each account. Click here to get started today.

Helpful Links and Other Resources

View all