Why is Bricklink down?

[Lyichir]

On 11/4/2023 at 4:29 PM, Peppermint_M said:

It surprises me just how much I rely on Bricklink for a lot of MOC planning, even when I am not buying. 

I know! Just today I was using Stud.io and wanted to check which version of a certain printed piece was the newer version, but of course the link to the Bricklink database entry was broken...

[Dragunov2]

Well it's more easy to buy on Bricklink than BrickOwl, I have a Wanted List on Bricklink, just choose Easy Buy and that's it, I tried this today on BrickOwl, but I got 20 stores with pieces, but nothing with Easy Buy...

[Toastie]

7 minutes ago, Lyichir said:

to the Bricklink database entry was broken

That's why I use the 1980's style LDRAW database along with their offline updates. Never real-time-up-to-date, but every half year or so ... and have to use crappy design programs as well. Oh well; cyber-security has become a very big deal over the past decades. Nothing new. And when the mighty TLG company acquires BL, Stud.io, and ties them together (an extremely powerful design tool and a world-wide marketplace, it requires huge efforts for securing the myriads of "links" in between. And: I bet, TLG is a class 1 target for cyber criminals.

Best,
Thorsten   

[Lion King]

Randsomware? Not cool…

[HotdogBricks]

Bricklink posted an update on their site:

Update November 5th. 4.40 pm EST

Friday we temporarily closed the BrickLink site due to unusual activity.

Since then, the team has been working super hard to make sure we can reopen as soon as possible – and we’re getting closer to doing that.

Thank you for your patience and support. We’re grateful to have such amazing members.

We know it's frustrating and disappointing. We want to assure you we’re working as fast as we can - and not getting much sleep - to restore BrickLink.

Many thanks,

Your BrickLink team

[Alexandrina]

Honestly that reads to me like quite a positive update - given the circumstances, obviously. It makes it sound as though they're anticipating being back online in the next couple of days/week, rather than a timeline of months or more.

Of course, I have no technical background so perhaps this reads differently to those in the know, but I'm choosing to remain upbeat.

[JohnTPT17]

Looks like things going well for the Bricklink team! I'm fine to let them take the time they need to get things figured out to make sure everything is safe... But I'm also very ready to getting back to shopping!

[Lego Nostalgia]

I paid for the Parisian Restaurant a few days before Bricklink went down, I'm pretty sure the seller would still ship it even if the website is down.

[Classic_Spaceman]

16 hours ago, dirkberlin said:

Would not be surprised, if the whole system is broken fatally. Bricklink was a good single-person-job. But I don't know how deep is lego in this code. 

I certainly hope not! Beyond the marketplace, BrickLink’s catalogue is an invaluable resource for the LEGO community; losing it would be devastating, since rebuilding it entirely would be virtually impossible. 
 

[MAB]

8 hours ago, Alexandrina said:

Honestly that reads to me like quite a positive update - given the circumstances, obviously. It makes it sound as though they're anticipating being back online in the next couple of days/week, rather than a timeline of months or more.

Of course, I have no technical background so perhaps this reads differently to those in the know, but I'm choosing to remain upbeat.

Yes, it is important to remember it was bricklink that took the site down and not hackers. No doubt they can bring it back up whenever they want to. Being the weekend,  I imagine they had only a small number of staff available and we have seen in the past that if something breaks on a Friday evening then it rarely gets fixed until the Monday. Let's hope that any hacked accounts were phished off site or using the same passwords as other hacked accounts elsewhere and that there was no hacking on site. 

It might be that they need to have better security when changing passwords and changing email addresses. If you know the password and email address, you can change the email address, then change the password, effectively locking out the account owner so they cannot change it back. If the account is dormant, it won't be noticed by the owner.

[Mylenium]

5 hours ago, Classic_Spaceman said:

I certainly hope not! Beyond the marketplace, BrickLink’s catalogue is an invaluable resource for the LEGO community; losing it would be devastating, since rebuilding it entirely would be virtually impossible. 

Well, one could only hope that they keep separate databases for the actual catalog vs. the sales stuff. Otherwise BL is a typical case of the horse having gotten too big to ride and also gotten old...

Mylenium

[Classic_Spaceman]

Just now, Mylenium said:

Well, one could only hope that they keep separate databases for the actual catalog vs. the sales stuff. Otherwise BL is a typical case of the horse having gotten too big to ride and also gotten old...

Mylenium

The catalogue is not connected to individual sellers' stores (which is what seems to have been hacked), but if someone is messing around in the "spaghetti code", who knows what might happen? 😬
 

[Peppermint_M]

Oh good! This means I can make a vital order sooner than later.

[Alexandrina]

For anyone who hasn't seen, Bricklink have put a new update up:

Quote

Update November 6th. 4.02 pm EST

Friday November 3rd, we temporarily closed the BrickLink site due to unusual activity.

Since then, the team has been working super hard to make sure we can reopen as soon as possible – and we’re getting closer to doing that.

Our investigations so far suggest that a very small percentage of our accounts may potentially have been accessed by unauthorized individuals. We’ll be in contact with people directly soon with more details.

Thank you for your patience and support – the kind posts we see from all of you on social media make a real difference to the team here.

We know it’s very frustrating and we’re sorry that BrickLink will unfortunately be closed for a bit longer.

Many thanks,

Your BrickLink team

 

[Pirate_King_1982]

This sucks. Shame on the hackers as the people they’re hurting right now are Mom and Pop store that sold through Bricklink and hobbyists who not only purchased through the website, but if anything like me, also used tithe website for research. Who ever the hackers are they’re financially motivated, rather than politically driven, because as I’ve already stated the people who are being hurt the most out of this are little guys. 

[SpacePolice89]

When Bricklink went down I needed a 6854 Alien Fossilizer for my Exploriens display and ended up ordering one from Ebay. When both sites are available I prefer Bricklink for older sets but sometimes I can find rare sets for a good price on Ebay like the 1621 Lunar MPV Vehicle which I bought a couple of months ago for a very low price. What sites do you use besides Bricklink?

[HotdogBricks]

Bricklink posted another update:

Update November 7th. 5.55 pm EST

Our investigations so far suggest that a very small number of accounts have or may potentially have been accessed by unauthorized individuals with data obtained outside our platform. We’ll be in contact with these members directly with more details on how to reopen their accounts.

We’re getting ready to reopen BrickLink soon but we’re still not able to provide a specific time.

When we reopen, we’ve locked all accounts – impacted or not - as a precaution that will require all members to reset their passwords to access their accounts.

We strongly advise all our members to practice good data security. Install and run security software and create strong, unique passwords.

Thank you for your continued patience and support – the kind posts we see from all of you on social media continue to make a real difference to the team here.

We know it’s very frustrating, there is light at the end of the tunnel, we thank you for having a bit more patience with us.

Many thanks,

Your BrickLink team

[Alexandrina]

Again, that sounds like a positive development to me. Clearly they still have some stuff they want to do but if they're already in a position where they're telling users how to proceed when the site reopens, that suggests to me that they're quite close indeed to the moment of reopening.

[jpx]

8 hours ago, HotdogBricks said:

We strongly advise all our members to practice good data security. Install and run security software and create strong, unique passwords.

I can only stress this, if you don't, please consider using a Password manager - apps like 1Password or if you are using iOS/macOS the build-in iCloud keychain. It will save a strong (ex 20 random characters) and fill in the password when you need it. 

Don't reuse your password, they are leaked all the time (see https://haveibeenpwned.com)

[MAB]

Bricklink also need to take more ownership of security especially when it comes to changing data such as email addresses and linked paypal accounts. If you have the password to an account, then you can change the email address and password with ease, and once that is done there is no way for the real owner to change it. Even for reasonably active accounts, the owner is not warned about the change and won't be aware until they try to use their account. For a dormant account, the hacker is essentially free to keep the account to use at a later date whenever they please. 

[Peppermint_M]

3 hours ago, MAB said:

Bricklink also need to take more ownership of security

On one hand I agree. However on the other, if you have a really easily hacked password, it's sort of like leaving your car unlocked with a key in the ignition. "Why yes officer, my unsecured car was stolen" 

 

[Alexandrina]

8 minutes ago, Peppermint_M said:

On one hand I agree. However on the other, if you have a really easily hacked password, it's sort of like leaving your car unlocked with a key in the ignition. "Why yes officer, my unsecured car was stolen" 

That said, leaving the key in your car is terrible security practice and your own fault - but still doesn't excuse the person stealing it. Most websites nowadays notify you if there's been an unusual log-in/sometimes don't allow you to change your email address without entering your password (thus preventing email addresses being changed without the hacker knowing the user's email credentials too). If Bricklink aren't doing this then perhaps they should.

[Peppermint_M]

Do we know that this isn't happening? If the affected accounts were old and inactive, it is not unheard of for people to ignore old inboxes or to have lost access. Not to mention those that shuttered their shop or fell off using the site for health/life reasons and are not able to monitor or act on things.

I am not condoning bad actors and hackers, nor car theives, but they are a known risk so we act accordingly.

[Alexandrina]

9 minutes ago, Peppermint_M said:

Do we know that this isn't happening? If the affected accounts were old and inactive, it is not unheard of for people to ignore old inboxes or to have lost access. Not to mention those that shuttered their shop or fell off using the site for health/life reasons and are not able to monitor or act on things.

I am not condoning bad actors and hackers, nor car theives, but they are a known risk so we act accordingly.

Honestly I have no idea, I just assumed MAB was talking from experience.

[JaBaCaDaBra]

Yes, Pipo fixed his site.