Will we also get hacked ? and what shall we do to protect our inventory

Dear store owners

Just took some precautions for my inventory and kept a backup online, as i lost the latests updates on BL.

Will this increase our sales while BL tries to fix their situation? May be, but I'm thinking if they want to make a statement that they also attack our Brick Owl place?

I've being monitoring my paypal account and credit cards, just to be prepared, even the important information aren't present on both sites. What worries me is that they say that they have hacked all the BL accounts, not sure what they can do with the leaked information.

My son was joking about that the might attack this wonderful place as next to make a statement, hopefully not.

Have a nice day, without any hackers.....

Comments

  • 6 Comments sorted by Votes Date Added
  • It truly is a thought we all have here on Brickowl.

    As you look trough the forum, we are already talking about extra account protection, backup saves of inventories and so on. So as always, be prepared for everything, both here on Brickowl, but also in general. Be mindful of your surroundings :-)
  • @Malnaborg True and I also voted for the 2FA authentication which is in my opinion too an additional protection.
  • For anyone looking for a free backup solution with support:

    BLS Manager can automatically backup inventory and orders for both (or either) sites, and is completely free as long as you configure InSpaceSync in ReadOnly mode. You can even use the web interface to manage and make your inventory backups.

    Basically, it downloads your inventory at a specified interval, stores it in a local SQL database, and creates XML files every 24 hours. You don't have to run it full time either. It has a console and online web interface that works on modern browsers, tablets and your phone.

    The free version can also restore inventory.

    * BL Backup only works when BL is back online ;)
  • Why would you suggest something that does not work at the moment ?

    Brickowl already have a feature of its own. Brickowl already automatic makes a backup of your inventory, and you can download one for everyday going 2 weeks back. Both as an xml file or csv file.
    It it located by navigating to your inventory, and then "download/ backup"
  • Because people are asking for backup solutions, one you can access when the sites are down or compromised. BO has backups, BL you have to manually create and download them.

    You can also continue picking orders when the sites are down, there are plenty reasons to use offline software.

    I just wanted to help.
  • Thank-you @ErwinNL for providing free features like this. People are realizing the importance of an offsite backup, and people should be doing this for BrickOwl as well as any other platforms they sell on. You were definitely helpful, and automated backups for BO are independent from BL being online or not (so I disagree with @Malnaborg's sentiment).

    For the original post, until we know what happened on the other site, the key thing we do know is that bad actors were able to get a hold of individual accts that were likely from re-used passwords with matching e-mail addresses for their accounts. It could have been from a previous breach, or from darkweb lists of other "pwned" sites, or even phishing.

    A couple of ways to protect yourself (independent of the platform's own security policies/safeguards) is to use an e-mail address either specific to the platform, or specific enough that isn't used all over the place and also using a strong and unique password for every site. Password managers are amazing for this.

    All technology is vulnerable in one way or another. Nothing is fully secure - ever. Password managers which specialize in security have been compromised in the past. But you can still use techniques to make it less likely to be a target.

    I'm not sure what Lawrence may be cooking up in terms of security features, but 2FA is a solid additional layer to use, and perhaps forcing a password reset for all accounts (that cannot match previous passwords) as a precaution.
Sign In or Register to comment.