Skip to main content

Bugs in Lego Resale Site Allowed Hackers to Hijack Accounts

posted onDecember 19, 2022
by l33tdawg
Flickr
Credit: Flickr

Security analysts have found bugs in Lego's second-hand online marketplace that left its users at risk of account hijacking and data leakage.

In a blog post, Salt Labs said that the issues, now resolved, affected Lego-owned BrickLink.com, the world’s largest official marketplace for Lego bricks.

The security researchers said that two API security issues could have enabled an attacker to take over BrickLink accounts, and access and steal personally identifiable information stored on the site. The vulnerabilities could have also allowed attackers to gain access to internal production data and compromise internal servers, Bleeping Computer reports. The BrickLink bugs were spotted when Salt Lab analysts were experimenting with user input fields on the marketplace site.

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th