Shopping at LEGO or Amazon?
Please use our links: LEGO.comAmazon
As an Amazon Associate we earn from qualifying purchases.

Data Breach at Lego.com

LegoboyLegoboy 100km furtherMember Posts: 8,825
Received an alert on my phone a few moments ago, notifying me of a data breach at LEGO.

Needless to say I have just changed my password.


Comments

  • benbacardibenbacardi EnglandMember Posts: 712
    edited October 2021
    Was LEGO the only place you used that specific password previously?

    If not, then that message is no indication that LEGO had a data breach. It just says that the password you have saved for LEGO was found in *a* data breach (or possibly not even that!)
    Astrobricksrd1899stlux
  • LegoboyLegoboy 100km furtherMember Posts: 8,825
    Yes.  The password was dedicated to lego.com.
  • stluxstlux LuxembourgMember Posts: 2,450
    That looks like a LastPass alert. I'm both a LastPass and Bitwarden premium user, and didn't get such a warning. So I'm echoing @benbacardi that the likely issue is that the same password showed up in *a* data breach.
    Even a random and complex password might have been used by somebody else at a different service that was breached.

    I checked the lists of exposed password, and my LEGO.com password is not part of any.
    Astrobricksbenbacardird1899
  • LegoboyLegoboy 100km furtherMember Posts: 8,825
    edited October 2021
    The only time my Lego password was previously used, was here in Brickset before we were advised to change it a few years ago as a precaution.  It’s quite personal to me so unless, their kids and countless furry animals share the same names (it was a long password), it’s unlikely it was used by anyone else.  :D
  • benbacardibenbacardi EnglandMember Posts: 712
    edited October 2021
    Although, due to the way passwords are stored, there is also the chance that other passwords result in the same password *hash*, which is what they're compared using. Perhaps, if LEGO didn't have a breach, a company did with a users password that happened to result in the same hash?
  • CCCCCC UKMember Posts: 20,487
    So it's not Legoboy123? 
    560Heliport
  • PaperballparkPaperballpark Near ManchesterMember Posts: 4,250
    He has 1234 furry animals and his kid is called Password ;)
    560Heliport
  • autolycusautolycus US-SEMember Posts: 1,358
    edited October 2021
    He has 1234 furry animals and his kid is called Password ;)
    That’s the stupidest password I’ve ever heard in my life! That’s the kinda thing an idiot would have on his luggage!
    jmeninnoWoodenOOldfan
  • Switchfoot55Switchfoot55 Yellowstone, 1883Member Posts: 3,037
    *hastily changes password from Switchfoot1234*
    AstrobricksKungFuKenny
  • 560Heliport560Heliport Twin Cities, MN, USAMember Posts: 3,382
    *hastily changes password from Switchfoot1234*
    ...Did you change it to Switchfoot55? :)
    KungFuKenny
  • madforLEGOmadforLEGO Chicagoland USMember Posts: 10,655
    Did you contact LEGO CS to see what they say about it?
  • Switchfoot55Switchfoot55 Yellowstone, 1883Member Posts: 3,037
    *hastily changes password from Switchfoot1234*
    ...Did you change it to Switchfoot55? :)

    ...crap...
    AstrobricksKungFuKenny560Heliportdatsunrobbie
  • 560Heliport560Heliport Twin Cities, MN, USAMember Posts: 3,382
    *hastily changes password from Switchfoot1234*
    ...Did you change it to Switchfoot55? :)

    ...crap...
    I'm gonna change your address so everything you order comes to me! Hahaha!
    Brickfan50CymbelineSwitchfoot55
  • autolycusautolycus US-SEMember Posts: 1,358
    *hastily changes password from Switchfoot1234*
    ...Did you change it to Switchfoot55? :)

    ...crap...
    I'm gonna change your address so everything you order comes to me! Hahaha!
    I hope you want a lot of reindeer and white plates this time of year!
    Brickfan50560HeliportSwitchfoot55
  • bricktuarybricktuary Krakozhia (temporarily stuck in London)Member Posts: 957
    A quick reminder you can set up 2 factor authentication on Lego.com, it sends an email with a code. Not perfect but better some 2FA than not.
    Switchfoot55AstrobricksMaffyD
  • MaffyDMaffyD West YorkshireMember Posts: 3,403
    Legoboy said:
    The only time my Lego password was previously used, was here in Brickset before we were advised to change it a few years ago as a precaution.  It’s quite personal to me so unless, their kids and countless furry animals share the same names (it was a long password), it’s unlikely it was used by anyone else.  :D
    It's almost certainly this. Hackers buy and sell password lists and email lists on internet forums and then they compile master lists to use in brute force attacks on other services. It is not subtle - they use a combo of every email address they have with every password they have on a chosen service/site which doesn't have authentication throttling (or throttling that can be bypassed). They hope to get a match from users that have the same email/password combo everywhere.

    That old password is in a list somewhere and has pinged with a checking service (it looks like Google's own, I think) and let you know.
Sign In or Register to comment.

Shopping at LEGO.com or Amazon?

Please use our links: LEGO.com Amazon

Recent discussions Categories Privacy Policy Brickset.com

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Brickset.com is a participant in the Amazon Services LLC Associates Program, the Amazon.com.ca, Inc. Associates Program and the Amazon EU Associates Programme, which are affiliate advertising programs designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.

As an Amazon Associate we earn from qualifying purchases.