After a few days of downtime, BrickLink is now back up and running with operations seemingly back to normal. As confirmed, they did get a ransom letter and from their investigations and they’ve been looking into some suspicious activity on the site since October. At this point, they suggested that it was a credential stuffing event in which cybercriminals use stolen usernames and passwords from another site to access BrickLink. As a result, you’ll have to change your passwords when you access the site and suggest not using the same ones as for other sites.

Welcome back and thank you for your patience. We were down for longer than anyone would have wanted. Now that we’re back up and running, we can share with you what’s happened.

As many of you will know, we received a threat and ransom demand on Friday, November 3rd. We’d been aware of and actively managing some limited suspicious activity since mid-October, with unauthorized sellers offering products at huge discounts and fraudulently accepting payment from buyers.

As soon as we were aware of the potential escalation on November 3rd, we put the site into maintenance mode out of an abundance of caution. We did this to protect our members and keep complete control of the platform while investigating.

We found that a relatively small number of BrickLink accounts may have been accessed. It is important to note that there is no evidence so far that our systems were compromised.

At this stage we believe this was a ‘credential stuffing’ incident, where someone obtains lists of usernames and passwords from a third party, often illegally, and opportunistically tries to use them on a website.

Actions we’ve taken

Although we know that the BrickLink site was not breached, we’ve further strengthened our security. We take the safety of BrickLink and our members very seriously and will continue to step up security across the platform.

We’ve informed people where we have reason to believe that their accounts or stores may have been impacted, and reminded members of ways they can make their accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong, unique passwords for each website you use.

Again, we’re sorry for the interruption and inconvenience this has caused you.

If you have any questions or concerns, have a look at the FAQ for more details, or reach out to [email protected].

Keep up with us by following our social media: Facebook | X/Twitter | Instagram | Threads | Reddit