LEGO GOT HACKED...

  • Published on 16 Nov 2024

Comments • 595

  • @cloudcleaver23 1 year ago +47

    I still don't know how a company owning the primary distribution network for its own aftermarket isn't running afoul of antitrust laws. That's massive vertical integration, which is usually a red flag for that sort of thing.

  • @rodrign007 1 year ago +337

    I wanted to check a minifigure hat tonight and I thought bricklink was having another 2am maintenance thing. I thought they were changing things up but I never thought it would be hackers lol

    • @SpikeSpiegel27 1 year ago +13

      Same

    • @callumpears1523 1 year ago +6

      Yeah me too- I was looking up a figure from an ebay lot to check the value and assumed it was just maintenance.

    • @rlandlegofan98 1 year ago +2

      Same dude! It's my go-to place. Plus we have the BDP stuff this month on the 20th, hope nothing gets messed up there...

    • @infinitybuilds715 1 year ago +3

      Same man, I personally missed out on orange sabers :( might just go find a ninjago set myself to get the piece

    • @ASOC4 1 year ago +2

      same

  • @TheDarkFuryKnight 1 year ago +243

    Man...I hope everything goes well, it would be sad if people couldn't buy the sets of the old time that well anymore

    • @tomweyts 1 year ago +5

      Well worst time ... I was buying multiple vintage sets this weekend. Hope it's back up in a bit

    • @howardchiang4588 1 year ago

      Bricklink is back online they cleared the ransomware but you have to reset your password due to the ransomware.

  • @HCKRBRO 1 year ago +669

    Out of all the websites, why bricklink 🤦‍♂️

    • @MandRproductions 1 year ago +340

      Probably an easy target as an outdated website tbh

    • @hanselmansell7555 1 year ago +104

      @MandRproductions such a shame, I always loved the retro vibe about Bricklink 😢

    • @Gzilla313 1 year ago +25

      Chaos during the holiday shopping season

    • @arcturionblade1077 1 year ago +27

      Lego skimping on cybersecurity.

    • @michealshelton2133 1 year ago +20

      Very bad idea. How many autistics love lego. Hackers meet weaponized Autism

  • @M3RK_54 1 year ago +134

    For once procrastinating about purchasing moc parts pays off... Just hope it doesn't take too long...

  • @MrultiPaul 1 year ago +89

    This feels like a puff of smoke to me. The threat is just a non-threat (deleting items doesn't change much, they have backups). The only worrying thing here is personal information but they don't talk about it in the message.
    Also if they had the personal information they wouldn't ask for 50k that's just nothing lmao

    • @corduroycal 1 year ago

      My guess is they don’t have access to that as well

    • @Captain_Forrdo_is_the_goat 1 year ago +2

      if lego pays the money then other hackers will do that same thing to the site for another easy 50k

    • @corduroycal 1 year ago +5

      @Captain_Forrdo_is_the_goat Lego would sooner let everyone’s credit card info get used than pay any amount of money.

  • @m_afol 1 year ago +54

    Bricklink interface looks like the late 90s. I hope their IT Safety is not the same 😮 If you remember the Garmin case (got hacked a few years ago), time to recover was over a week or something. So I don't expect that tomorrow everything will be ok. Will see...

    • @ryanironheart4154 1 year ago +5

      Well the original creator created the site in the late 90s and was built using classic ASP/VB/SQL Server. Don't know if Lego ever upgraded any of the technology when they took over...doubt it since they never upgraded the user interface.

    • @doufmech4323 1 year ago

      It is lol

    • @RCmies 1 year ago

      @ryanironheart4154 If that's the case I'm thinking a simple SQL injection might've been used...

  • @BrickTsar 1 year ago +32

    There were a bunch of stores that got compromised and scammed people with low prices and bank transfers. Apparently had been going on for a few days. I’m hoping LEGO took the site down until they can determine which stores and buyers got hacked. Some sellers back up a copy of their store using Brick Store or regularly link their store to Brick Owl. Those will be ok if the site is hacked or their individual store got hacked. Whatever the situation, the thing that’s disappointing is the lack of communication from Lego through social media. Perhaps because it’s not as bad as some of us think it is.

  • @KyleOO5 1 year ago +75

    Oh damn this is insane. Hopefully Lego is able to fix this quickly

    • @The_Davidoskky 1 year ago +1

      Bricklink*

    • @walkerw5087 1 year ago +2

      @The_Davidoskky Lego*

    • @rickbeauchene8694 1 year ago +1

      @The_Davidoskky lego*

    • @Customs25 1 year ago +3

      @The_Davidoskky bro Lego owns bricklink so it’s their website so it’s their problem

    • @The_Davidoskky 1 year ago

      @Customs25 I didn't know it (that the Lego company has Bricklink)

  • @Natedog-gx3nj 1 year ago +149

    My job requires me to use it, so I'm pretty freaking upset, I also feel so bad for people with their information on there, I wish them the best.

    • @AnxietyAdvertisement 1 year ago +17

      If you’re using it for the information Brick economy still works

    • @scardian7360 1 year ago +12

      Brick Owl is another good store

    • @CT-9904-Crosshair 1 year ago +12

      If your job involves bricklink and lego, you are in a very awesome job.

    • @double_king 1 year ago +5

      Same here, it's been crippling not having access to price guides and inventories

    • @Joey_Lego 1 year ago +2

      @double_king 100% lol

  • @jacksongardner9504 1 year ago +14

    Bricklink updated the message on the maintenance page: "Update November 4th. 3.58 am EST We continue to investigate the unusual activity. We want to make sure we take the time to investigate fully. We will be back up and running as soon as possible."

  • @zakeryscheerschmidt727 1 year ago +18

    I was literally refreshing the bricklink page as you posted this... hope it all gets resolved quickly.

  • @JmacJSGuru 1 year ago +26

    If they don’t have security measures in place on the backend database this could be a huge deal

    • @ravenspurplebeats5412 1 year ago +1

      yeah i use bl regular as buyer, though know many others (a lot of people use it also) if lego can't fix this i can see lot angry lego fans having go at lego but by sounds of it their security on bl was outdated which is odd for saying how big lego is as company if someone can hack into bl like that and not be afraid of company also if caught.

    • @revengeofthesith. 1 year ago

      BL is outdated as fuck, they definitely do not have any sort of security measure. Hopefully this leads them to finally updating the site.

  • @sf70001 1 year ago +27

    Hey Ryan! Interesting video. I work within cybersecurity (on the technical side, so I actually know a thing or two - unlike people in Sales or something) and here are my thoughts.
    First, the potential ransom just seems so odd. First, if the attackers truly had customer data, one would think that they would lead with "We will expose your user data if you don't pay" as opposed to just deleting inventories. Yeah deleted inventories would be a large inconvenience (if it happened), but a personal data leak is way worse (esp. considering Lego is based in a country within the European Union who would fine them significantly for a data breach (due to strong regulations like the GDPR) and how big of a reputation hit a data breach is). Second, if they truly have the access they say they do then 50,000 seems incredibly low, especially if you consider the size of Lego. Attackers have to set a logical price for what they claim to have and 50 leads me to believe the attackers have little to nothing. Last on the note, at the end the attacker switches from "we're big, there's a lot of us" to "trust me" which leads me to believe this is likely 1 person. The attempt to appear tough + the POV shift suggest that.
    Now to backups. First, to answer the rewind thing - presumably Lego does have backups. If not, I'd be both concerned and surprised. Where it gets a little tricky is - have the attackers breached the website itself or have they breached Lego's internal systems and servers? The ransom note leads me to believe they've only gotten to the website (if anything). Again, if they had system access they could share personal info or in terms of backups they could possibly delete the backups (depending on if they were airgapped and immutable or not). Again, my guess is some level of backups do exist and the information you presented suggests that the hackers haven't touched them. Something to note, even if the backups weren't touched, Lego would (or should) backup to the known "good" state. If the hackers were detected to have been in systems last week, then Lego would likely be restoring to a backup last week when the attackers weren't present (for example), so you could still lose out on purchases and such from within the last week (or whatever timing is chosen). Second regarding the backups, if Lego doesn't truly host BrickLink and some other company does all the hosting and support type stuff, then a lot of this could be out of Lego's hands. Lego may still store data, but the website (which I believe was the only thing compromised) would need to be fixed by the host vendor. The only issue is that makes it hard to speculate because I, personally, don't know how Lego has everything configured.
    Overall, my guess is that this likely isn't a ransomware data breach, but more likely someone gained low-level website access or launched a DDoS attack to bring the website down. As others have noted, the alleged ransom note seems vague. This leads me to believe the attackers just want quick cash for something minor and do not truly have significant system / data access. There is A LOT that goes into incident response and cyber security as a whole and I could be wrong (or missing key facts about the incident or Lego's systems, or just wrong wrong I guess), but based on my understandings and experience, this seems to be the more likely scenario compared to what is claimed. Hopefully things are fixed and it was a minor incident! :)

    • @AToastMadeOfLego 1 year ago +1

      Ah thank god it might not be anything too big was getting a bit worried

    • @sf70001 1 year ago +1

      @AToastMadeOfLego Yeah I mean it depends A LOT on how things are configured internally, so it's hard to say with complete certainty. I personally don't know how Lego has things set up or the potential skillset of the attacker; however, the clues I see and my understanding of incident response lead me to believe it's far from the end of the world. Lego may give more info (if they haven't already), but if nothing happened (or they paid the ransom - which I hope they didn't), then we will likely not hear much of anything about this (the industry norm is to keep quiet unless you have to notify people). Hopefully it's nothing major nonetheless! :)

  • @Vor1ki 1 year ago +8

    Dang Megablocks trying to take down the LEGO community!!!!

  • @Naviwolffeweddy 1 year ago +43

    Honestly insane and I still don’t get why someone would wanna hack a Lego run website.😊

    • @fjuvo 1 year ago +1

      They don’t really care

    • @Vor1ki 1 year ago +1

      Money, have it out for LEGO,

    • @ravenspurplebeats5412 1 year ago +1

      lego makes millions easily by selling lego daily so in theory of course they have target on their head as hackers know lego isn't cheap.

  • @jaywilliams1289 1 year ago +8

    Wow hacking a Lego site. I never thought I would see the day. It's pretty scary and really could affect so many people! I wish everyone the best!

  • @bradsbrickpost 1 year ago +2

    With how rudimentary Bricklink appears to be as a website, and with how technologically illiterate Lego seems to be (like not even offering an App) I honestly wouldn't be surprised if there was no easy backup or reset. As much as Lego would hate to do it, one of the easiest and most straightforward fixes may be to pay off the hackers and hope they keep their word since their asking price is drops in the bucket compared to how bad a total wipe of the website would be, but that's just hoping that someone willing to rob you is going to play nice or by any rules which I think is unlikely. Maybe Lego has info on how to fix it without giving in to their demands. Let's hope so for the sake of the resellers.

  • @vegardpedersen 1 year ago +47

    Oh no, I hope they can recover. I see people being angry at LEGO and Bricklink for this, but it is not their fault. Stop blaming the victims. Thanks for the update, Ryan. I can see a lot of people losing on this, but my fingers are crossed that LEGO will get it back. I am sure they have back-ups. I think it is crazy if they don't right?

    • @g.williams2047 1 year ago +1

      I guarantee this hack was because Bricklink has either no security, very simple security or someone just asked for the password. Either way it’s probably their fault they got hacked.

    • @vegardpedersen 1 year ago +1

      no, stop speculating. You have no idea how their security is. I can tell you for sure they are not that simple. @g.williams2047

    • @RCmies 1 year ago

      @g.williams2047 I agree. Out of all the sites why would they target Bricklink unless it had super bad security? These hackers usually attack the easiest to breach sites.

    • @xSoulhunterDKx 1 year ago

      this. I saw plenty of similar actions done by a hacktivist I know of. She just doesn't ransom data. @g.williams2047

    • @johntessemaker4998 1 year ago

      How is this not their fault? I am trying to see it from your perspective.

  • @Marc048b 1 year ago +3

    i really hope it'll be okay and nothing bad's gonna happen. i saw the image earlier and thought they were just doing normal work on the site, but now seeing this chills me to the core

  • @BobTyler-ep4ci 1 year ago +39

    I feel so bad for Lego sellers right now who live off of Bricklink

    • @MegaJohn334 1 year ago +1

      People live off brick link ??

    • @Beedostudios3721 1 year ago

      @MegaJohn334 it is a side gig

    • @ryanr2522 1 year ago +1

      @MegaJohn334 sellers who make their income off of bricklink

  • @Matt_with_2Ts 1 year ago +6

    Thanks for the heads up, Ryan!

  • @ceepally 1 year ago +7

    Best wishes ending a ransom note is hilarious
    “If you want to see your kid again, bring $10k in unmarked bills to this location. Best wishes, the kidnappers 🥰”

  • @Ivan1090-0 1 year ago +14

    Looks like Mega Blocks got a new tactic 😂

    • @safsnake 1 year ago +1

      oh my god 🤣

  • @13DarkWolf 1 year ago +1

    It looks like the hacker has breached multiple buyer and seller accounts but not the website itself. They were posting on the forum and threatening to delete large inventories and steal data. But nothing more e.g. no threat to dump backend databases, delete website files, or take the site offline. This sounds to me like they've used breached some big stores and user accounts probably with leaked / re-used credentials.

  • @realitycheck908 1 year ago +3

    Lego need to invest in this website and update it

  • @DanielXS15_ 1 year ago +7

    Man, never has a title gotten my attention so quickly

  • @sirlancealot2554 1 year ago +5

    Bro I just signed in and created a brick link account two days ago to order some pieces, glad I didn’t order anything or put my card in

  • @2bornot2b99 1 year ago +2

    actually kinda funny seeing the cute minifigure face next to the ransom note

  • @The_Yeet 1 year ago +2

    Something else you didn't bring up, is a lot of Used Lego Stores, like the one I work at, use bricklink as our pricing system. This means as long as the website is down, we can't easily price sets at fair prices. (Sure Ebay is a thing, but those prices can be not the most reliable.)

  • @kk_bricks8043 1 year ago +5

    I find it odd that the hackers are asking for just €50.000. That’s not a lot for taking down a website for ransom. At least ask for an Eiffel Tower. A bunch of UCS sets 🤣

  • @SPYROSTSABOURIS 1 year ago +1

    Those hackers sound like kids:
    "Don't delete the messages because we'll be angry"
    And
    "Don't mess with us"
    Come on now

  • @legogenius22 1 year ago +4

    While I think the title is mildly misleading, it's good to share this information. Bricktsar has shared a reddit post on his community tab that explains the full situation in more depth and with less speculation, with the bigger problem being some dormant stores being hacked and used to sell expensive sets/parts/minifigures being listed for incredibly cheap and being sold to some. According to that reddit post there were a number of red flags, as well as these stores only using bank transfer and another non-protected form of payment, once again reinforcing the point that if you use paypal or stripe your payment info is absolutely protected. The post also recommended changing your passwords on your gmail or other sites if it matches your bricklink password, assumedly in case passwords are in the line of fire.
    Good luck to all, stay safe.

  • @lauchhawk1234 1 year ago +4

    PUT THE LEGO IN THE BAG NOW!

  • @matthewhamerton 1 year ago +2

    There will be chaos if they cannot restore a backup of store inventory. 24-48hrs will be a pain to modify but anything older, you'd need to ask some serious questions why.

  • @StevenVillman 1 year ago

    I thank you for sharing this, 'MandRproductions'! It's been over 2 years since I have bought anything off of Bricklink; but I wonder here how this affects LEGO YouTube content creators like 'just2good', 'BrickTsar', 'Ashnflash', 'The Brick Show Official' and 'Keep the Piece'/'The TTV Channel' - some of whom are friends of yours.

  • @joelslegojourney6239 1 year ago +1

    This sucks. I was gonna print off an inventory for a rebrickable model this evening and couldn’t because of this security breach.😑

  • @Revan_on_top 1 year ago +3

    I just hope everyone's information will stay safe.

  • @SpaceMonkeyBoi 1 year ago +10

    I could smell the neck grease just reading that ransom note. They could easily get money by working a job instead of sitting at a computer all day feeling sorry for themselves. If they have the time to hack a website, they have the time to go outside.

    • @CreativeCache101 1 year ago +1

      i highly doubt that note is genuine, if someone is actually proficient this much in hacking 50,000euros is nothing

  • @GSLegoMotions 1 year ago +2

    how am I just hearing about this!
    I was gonna order some parts in a day or two. I can't even remember what was in my wanted list...

  • @nope5488 10 months ago +1

    sadly bricklink is still down and i actually got a notification that a device logged into my account so i quickly logged out and deleted studio
    it was scary as hell but at least it is over for me. I still don't understand why they hacked a frickin lego store

  • @barrylarry_7493 1 year ago +9

    Honestly if it is as bad as hackers want us to think it will be, Lego will lose a lot more money than if they just pay the hackers although I do get morally not wanting to pay them. Also super glad I got a bricklink order in last week before the site went down

    • @digitalunity 1 year ago +5

      There's unfortunately a few reasons that companies would pay hackers, but there are also many reasons companies SHOULDN'T pay hackers. If it's cheaper to pay up or go through a negotiation group (apparently some exist), then that's the play that gets made. If the asking price is utterly unreasonable, it won't get done. You shouldn't pay hackers without a negotiation group on your side because you have no guarantee the hackers will make good on their word, I mean they've already committed a criminal act so how much can you really trust them? It's tough to know how this will play out

    • @huymaivan8671 1 year ago +1

      Paying the hacker is the worst choice you can make when dealing with this situation. Because the hacker'll always come back another time for more money.

    • @barrylarry_7493 1 year ago

      @huymaivan8671 Yeah, they could always just ask for more money after you initially pay them. Like there is no reason for them to stop. It's a very difficult situation

    • @RCmies 1 year ago

      You should never pay them. They already have your info, they will either ask for more or end up leaking it anyway. They could pretend to be another hacking group with your info. Best bet is to contact the police so they could be caught.

  • @prod.vengeance 1 year ago

    Other than personal information possibly being stolen, this was a lesson well needed. Hopefully LEGO decides to put some actual money into a company they bought and update the site's security and UI. I mean they keep making pointless apps that they probably spent millions on.

  • @MaxBricksYT 1 year ago

    Wow thanks for the update Ryan, hope everything gets fixed!

  • @defendingthestrawman7103 1 year ago +1

    Such a large site would have automatic offsite backups, probably in multiple locations. It might take a while to restore inventories, but it would go back up...

  • @benaldrich2768 1 year ago +3

    This sucks, I really want my commando droids. I guess I’m lucky that I’m not selling just buying

    • @anonymouschameleon8249 1 year ago +2

      It's an issue for buyers, because sensitive data could have been leaked.

  • @Blitzer1001 1 year ago +5

    Holy crap dude, this just scared the life out of me! thx for reporting on it!

  • @Bob_Rock. 1 year ago +1

    This actually has me very worried.

  • @legogonegaming 1 year ago +1

    I’m just glad I ordered the parts for my MOCs October.

  • @___David__ 1 year ago +5

    In almost 20 years the site ran securely and without issues. LEGO buys it and it gets hacked.
    Somehow, there's a part of me that can't help but be suspicious of this. From the get go I heavily questioned the intentions of LEGO when buying their biggest competitor.
    And this hack now seems like a *pretty convenient* excuse for LEGO to justify shutting down the entire site "for security reasons" and try to direct people into their garbage and more expensive "Pick A Brick" service...
    We'll see. Call me whatever you want, but I'm absolutely not ruling out LEGO itself being behind this.

    • @RCmies 1 year ago

      Wouldn't it be illegal to do that ESPECIALLY since they have a bunch of sellers who run their store as a job. I doubt that's the case. Poor security that was never actually updated sounds more likely, and now that Lego is the owner the hackers actually have "someone" that they can blackmail for reputation.

    • @leroy1154 1 year ago

      Then you're a frucktard

    • @___David__ 1 year ago

      @RCmies It is illegal, but you'd have to be able to prove LEGO did it. Which is hard to do.
      And they don't even need to have directly orchestrated the attack. All they had to do is what they did: invest nothing on the security of the website.
      There were TWO security flaws discovered and reported to LEGO LAST DECEMBER by Salt Security that "allowed an attacker to take over members' accounts, access and steal personally identifiable information (PII) stored on the platform, or even gain access to internal production data and compromise internal servers". Sounds familiar?
      This seems to be exactly what happened now. Which leads me to believe LEGO didn't actually bother fixing anything. IF they didn't...then the question should be "why didn't they"?
      Who, besides the hackers, stands to benefit from BrickLink's shutdown? On top of that, why would hackers only ask 50 thousand euros from a multi-billion euros company? Isn't that odd?

    • @m0ntana137 1 year ago +1

      The amount of ignorance in this is truly incredible.

  • @DiegoBenavidesGT 1 year ago +2

    That ransom note is fake, in the real one they were actually demanding Lego to get rid of the helmet holes and to start including waist capes again

  • @iikpsyt4619 1 year ago +1

    Last night I tried going on to check some prices and thought that maintenance then was a little weird, but it’s sad to hear this news.

  • @admiralclark 1 year ago +1

    I just found this video because on 11/7/23 the lego shop website got hacked and several hundred sets were being sold for $20 or less. $800 sets were being sold for $17, it was insane.

  • @luisemoralesfalcon4716 1 year ago

    That explains a lot, now I am scared of two orders I placed.

  • @chezzyboy 1 year ago +1

    I was just about to buy the pieces for a set I'm making and now Lego's hacked. Best of luck Bricklink

  • @sebastiancooper8577 1 year ago +1

    I have an outstanding order, got my invoice around 8 am and by the time I went to pay for it bricklink was gone, so RIP to those pieces

  • @BlitzGiita 1 year ago

    Who knew ppl would get mad at plastic. Guess they stepped on a 2x2 brick

  • @BroughtCat 1 year ago +1

    If these hackers are claiming that they've gotten into the system and are threatening to delete store inventories and to leak out personal information why ask only for 50K. So much effort for such little money, feels like a lot of smoke and mirrors.

  • @520azdc 1 year ago

    I'm not a Bricklink seller but I make my living selling on eBay. I can very vividly imagine the dread that some Bricklink sellers are feeling right now. I have around 1,800 items currently listed in my eBay store and if my whole inventory got wiped out it would take at least a month to rebuild it but probably closer to two months and there would be nothing I could do to replace all the lost watchers of my items. I imagine the work it must take to build up a Bricklink store with hundreds of thousands of individual inventory items. Having all that work wiped out would be financially devastating for those sellers. Hackers suck.

  • @luc1ddaemon 1 year ago +2

    If the site's IT is up to date - which it hopefully is - it should have daily snapshots. I work in the industry and it's normal procedure for companies to have backups or disaster recovery plans.

  • @TheSpaceGuy8538 1 year ago +1

    Shit, I have a bricklink account, I guess I'm gonna get a bunch of "new" emails soon.

  • @stlcardinals001 1 year ago

    I work for a fortune 500 company that got hacked recently. We still don't have all systems back up and running and it has been about 3 weeks

  • @Legokerry 1 year ago +2

    Anyone who has the same password for bricklink and Lego might want to change their Lego password. Hackers generally steal passwords and logic is that people would use the same password for both.

  • @RudyR6 1 year ago +1

    “You will create every single battalion of clone in LEGO within the next year. If you do not, we will kill bricklink”

  • @nicholasgainey9546 1 year ago +1

    A hack trace is always left. It might take a while for original location to be bounced back but it will happen eventually. Probably some company in China

  • @Jacpuddin 1 year ago +1

    Thanks for the info. Keep us Informed.

  • @cooperchiacchia 1 year ago +1

    Gotta love the Rex on the Y-wing on the desk foreshadowing tomorrow's video :)

  • @ostrichguy7810 1 year ago

    I price minifigures through brick link to figure out what to price stuff and this has had a very complicated situation

  • @zachduperron8543 1 year ago

    Well, that put a damper on my plans for this month until Lego fixes their security.

  • @tahirmahmudov8933 1 year ago

    Every modern web application definitely has a backup, at least a full backup going back a day.

  • @TOMMYBOY601 1 year ago

    If the hackers have access to the back end of the website they likely have access to the backups/logs and could clear those as well

  • @SirSpaceboots 1 year ago

    scariest thing is if Lego comes in and demands more control

  • @m0ntana137 1 year ago

    From the team's communication, it was most likely a credential stuffing attack, which only works if you reuse passwords, and they were breached somewhere else. That's why only a relatively small number of users were affected, and why they're having a hard time fixing it, as it's a difficult type of attack to prevent against. It's also why they're forcing password and API key changes. The attackers are clearly amateurs.

  • @dat_boyboi 1 year ago

    i was checking prices on the cantina and reloaded the page to find the maintenance page up, and i thought nothing of it. and oh god this will be awful if they do go through with hacking it

  • @BotBoy-un3pz 1 year ago

    The way hackers always try to sound so scary and powerful in their ransom messages is so funny to me, really shows how likely insecure these people are irl.

  • @timemeddler7730 1 year ago

    As a seller, especially a big seller u would have a backup file of your store inventory anyways, especially when u sell on multiple sites like BrickOwl where u need a connector that saves the inventory files to keep them updated so they have the same inventory. But personally I think the Hacker stuff is BS and it's just a few accounts got hacked which they are now tracking down.

  • @SonicJrandSarah 1 year ago

    I hope they don't keep the site down for nine-plus years. Right now, I have one order that I haven't received yet, but the seller did ship it. I just hope that I get it and that this website comes back online.

  • @dantematellini6464
    @dantematellini6464 a year ago

    It's incredible how many people's lives depend on "hacks", stealing, and crime and that it is affecting one of Lego's sites

  • @Nadiki
    @Nadiki a year ago

    I made an order about 3 days ago for the old light gray Zam helmet (for a custom Rock Raider, not for Zam). The seller sent me Zam’s head and torso as _freebies_ and now I can’t even give them a glowing review :/
    I also can’t access my wanted lists for MOC checklists or check prices for parts to compare to pick-a-brick. Didn’t realize how much I needed BL until it’s down
    Also, PLEASE change your passwords if your BrickLink password is reused anywhere! Like Ryan said, if you use PayPal you should be okay since PayPal keeps your payment info secure. If you put your card info on there directly (like for IBAN) you may want to disable it and get a new card, however. That’s what the hackers were forcing people to use when they took over the initial stores a few days ago.

  • @ZenobiaBenz
    @ZenobiaBenz a year ago +1

    So this may be why it's taking them a while to get my new Insider number...

  • @BrickArmyStudio
    @BrickArmyStudio a year ago +6

    Hope you get your Gunship parts shipment Ryan!😃

  • @bricksbeersbeards9368
    @bricksbeersbeards9368 a year ago +1

    still down at 6am mountain time

  • @doufmech4323
    @doufmech4323 a year ago +2

    Bricklink is incompetent and has very lax security. I am surprised this didn't happen earlier. It is likely that there has not only been a data breach, but the whole server has been infected. This could have happened by an XML XXE injection attack, that basically allows the attacker to gain control over Bricklink's servers. Best-case: The "hackers" are bluffing and they have only gained access to the (hopefully) hashed passwords. Worst-case: They have had access to BL internal servers for several years, which means they have the ability to delete all backups, everything, so BL is basically screwed.

    • @Nadiki
      @Nadiki a year ago

      If they were that competent they’d definitely be asking for more money

    • @doufmech4323
      @doufmech4323 a year ago

      @Nadiki not really, Bricklink is spaghetti code, there must be loads of vulnerabilities.

    • @Nadiki
      @Nadiki a year ago

      @doufmech4323 oh for sure, an amateur hacker group could breach it. Which I think these guys are. I don’t think they’ve done an injection attack to wipe all backups though. If they knew how to do that and did it to BrickLink they’d realize the value of their target and probably be asking for much more is what I’m saying

  • @FrodeFender
    @FrodeFender a year ago +3

    It's a SCAM! It hasn't been hacked at all!! Restore to the latest backup, upgrade the security patches and fire it back up again! These scammers just try to scare them into paying a ransom for nothing! 😉👍🏼

  • @TheJosefc420
    @TheJosefc420 a year ago

    It's crazy, still waiting on an update from bricklink, will see what happens

  • @paconelious
    @paconelious a year ago +1

    The idea that someone has attacked The Lego Group for Bitcoin was not on my 2023 bingo card... like what even is this anymore??? RANSOMING a toy company's hobby site is unhinged level crazy. That's such a strange crime to concoct with other people (Hopefully only 1 person is doing this and using the royal 'we'). I'm so resistant to even think that more than 3 people agreed to do this, NO ONE spoke up at the crime meeting like, "Hey Jim, maybe that's kind of stupid..."

    • @Nadiki
      @Nadiki a year ago

      It’s actually really genius tbh. BrickLink is the biggest used Lego market and also arguably the best Lego database. Its value to the Lego community is immeasurable. However its infrastructure is also like 15 years out of date, so it was probably an incredibly easy target to get into. If the hackers really have the control they claim, I doubt they realize the true value of what they’ve hacked.

  • @dogbreathyking7117
    @dogbreathyking7117 a year ago

    There is third party software I back up my inventory to. Hope big stores do the same.

  • @FusedFrames
    @FusedFrames a year ago

    For someone who works in web development, websites can have an actioned rollback meaning the website will be backdated to a certain date depending on when Lego/brick link backed it up. Websites nowadays should also have different environments, a live instance and a staging instance to work on and make updates to the site. I know bricklink is outdated and websites should be refreshed every two years but I would hope Lego have a plan for all this mess. It’s very concerning security breaches can occur by external users with such ease.

    • @FusedFrames
      @FusedFrames a year ago

      Store inventories should be revitalised and backed up

  • @CriticsCupofficial
    @CriticsCupofficial a year ago

    They bought bricklink 4 YEARS AGO, HOW has it been that long already 😅😅 This is scary for our personal details

  • @anonymouschameleon8249
    @anonymouschameleon8249 a year ago +2

    50K seems like a small amount for a hack like this. Do we even know the threatening image is legit? Not disputing it's a hack, but is that ransom note real?

  • @samgarnett9174
    @samgarnett9174 a year ago

    Ah that’s why I’d seen that image. I wondered what was going on

  • @DeadnotAlive
    @DeadnotAlive a year ago

    I tried to get on bricklink the other day and I saw this, was instantly like oh f**k no

  • @CanadaBricks
    @CanadaBricks a year ago +1

    Just when we thought shit couldn’t get any worse with LEGO lmaoooo

  • @Admb_
    @Admb_ a year ago

    Y-wing, microfighter and Captain Rex I guess you heard the rumour

  • @r1yamahamini
    @r1yamahamini a year ago

    --- ooooh,,, I was so confused...

  • @PeterRapper
    @PeterRapper a year ago

    They will put just a backup online and improve the security, I think.

  • @digitalunity
    @digitalunity a year ago

    I don't even remember what kind of data Bricklink stores

  • @Benflyn
    @Benflyn a year ago

    That explains why brick link wasn’t working for me.

  • @brokenproperty8517
    @brokenproperty8517 a year ago +1

    This is why I never get anything from bricklink

  • @jamesadowney
    @jamesadowney a year ago

    Dunno if people have thought of this. This has the capacity to reset the entire secondary market altogether. Fair market value or going prices on mini figs and parts will be reset. Then no one will know what to list product for due to lack of info on last 6 months sales.