LEGO urges fans to change passwords after cyberattack

Rebecca Hills-Duty

A cybersecurity attack on LEGO-owned website BrickLink may have compromised user security. Users have been prompted to change passwords and check their anti-virus.

BrickLink is a site set up by LEGO to allow users to buy, sell, and trade LEGO parts, sets, and minifigures. It has become a huge success, and many fans rely on it to complete collections or get obscure parts for elaborate custom builds.

Now users of the site have been warned to reset their passwords after a cyberattack on the site.

An explanation came via the official LEGO forums, where the security team told users that it was “actively managing” some suspicious activity that has been going on since mid-October.

It seems someone had managed to gain access to some seller accounts, and was selling valuable LEGO items at what are said to be massive discounts, and ‘fraudulently accepting payments from buyers’.

Security breach and ransomware threats

According to the FAQ subsequently released, only a handful of Store accounts were accessed, and in some cases, store inventory was changed or deleted.

Only a very small number of accounts are known to be affected. The post from admin clarified that there was no evidence of the system being breached; the team believed that someone had obtained a database of usernames and passwords and was testing them on BrickLink until they hit upon a login that worked. This practice is sometimes referred to as ‘credential stuffing’.

Sometime after the beginning of the fraudulent activity, LEGO received a threat and a ransom demand. LEGO’s security team promptly shut down the site as a precautionary measure.

LEGO has not provided further information on the full nature of this ransomware threat, so it is presently unknown what the attackers were asking for, or how much money they were demanding.

LEGO has now brought BrickLink back online. Though LEGO has introduced improved security measures, users of the BrickLink site are still being encouraged to change their passwords and perform basic security checks such as anti-virus scans.

About The Author

Rebecca is a Tech Writer at Dexerto, specializing in PC components, VR, AMD, Nvidia and Intel. She has previously written for UploadVR and The Escapist, hosts a weekly show on RadioSEGA and has an obsession with retro gaming. Get in touch at rebecca.hillsduty@dexerto.com