Discussion Forum: Messages by skazy (1368)
Redisplay Messages: Compact | Brief | All | Full      Show Messages: All | Without Replies

 Author: skazy View Messages Posted By skazy
 Posted: Nov 8, 2023 14:25
 Subject: Re: Update on November 3rd incident
 Viewed: 89 times
 Topic: Administrative
View Message
View		Cancel Message
Cancel		Reply to Message
Reply
Thank you for the BL team's big effort these last days! Good job.


In Administrative, Admin_Russell writes:
  Dear BrickLink members,

Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.

Actions we’ve taken

Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.

Many thanks,

Your BrickLink Team