Hack on the Homepage of LEGO.com: A Detailed Account

In a surprising cyber attack, the homepage of the LEGO online store was compromised overnight. According to The Brick Fan, at approximately 3:00 AM German time, unknown individuals took over at least one banner and a button on LEGO.com’s homepage. This banner, which remained live for at least an hour, promoted a fake "LEGO Coin" through an AI-generated advertisement. Although the banner has since been removed and is no longer accessible, it is unclear whether it was displayed worldwide. However, it was confirmed to be visible in the USA.

[Image: screenshot of the scam on lego.com, captioned "Official LEGO online shop briefly hacked by crypto scammers"]

The banner displayed the following message:

"Our new LEGO Coin is officially out! Buy the LEGO Coin today and unlock secret rewards!"

Beneath this message were two buttons typically seen on the LEGO store: "Buy Now" and "Shop All New." At least the "Buy Now" button redirected users to a cryptocurrency trading platform.

Scammers Exploit Decentralized Trading Platform

Upon clicking the "Buy Now" button, users were directed to Uniswap, a decentralized exchange platform specializing in cryptocurrency and NFT trading. Here, users were supposedly able to exchange Ethereum for the "LEGO Coin." However, warnings indicated that the "LEGO Coin" was not traded on any major U.S. cryptocurrency exchange and was infrequently traded on Uniswap. As Uniswap allows nearly anyone to create trades, it is unlikely the platform itself was involved in the hack.

Fortunately, the immediate financial damage seems minimal. Only four transactions for the fake LEGO Coin were listed on Uniswap, totaling just over $80.

For a visual depiction of how the hack looked live on LEGO’s homepage, viewers can check out a video from Sarah at just2good. However, a LEGO Fortnite banner mentioned in the video does not appear to be part of the hack but rather an artifact from the original banner.

Uncertainty Regarding Customer Data

It remains unclear whether LEGO customers’ personal data were compromised in the attack. While it seems unlikely that sensitive information was accessed, LEGO has yet to release an official statement on the matter. It is crucial for LEGO to address the situation promptly, explaining the scope of the attack, whether customer data might have been affected, and providing guidance on next steps for their customers.

Additionally, questions linger about how the attackers managed to breach LEGO.com. While it is doubtful that LEGO will disclose this information publicly, customers would certainly appreciate an explanation of what the company plans to do to prevent similar incidents in the future.

In the meantime, it may be wise to avoid the LEGO website until an official statement is made. After such an attack, changing passwords is a good precaution, but it’s best to wait for LEGO’s official instructions before doing so.

Second Incident Within a Year

This incident bears similarities to a previous hack from November last year, which affected BrickLink, an online marketplace owned by LEGO. That hack targeted individual accounts, leading LEGO to shut down BrickLink for several days while implementing additional security measures. Given the recurrence of these incidents, LEGO will likely need to consider more robust security solutions moving forward.