Security flaws could have had LEGO users bricking it

Research from Salt Labs has highlighted two API security vulnerabilities discovered within BrickLink, a digital resale platform owned by The LEGO Group. BrickLink is the world's largest online marketplace to buy and sell second-hand LEGO. The API security flaws could have allowed for both large-scale account takeover (ATO) attacks on customers' accounts and server compromise to allow bad actors to take control of accounts and steal personal details. Salt Labs researchers discovered the vulnerabilities by examining areas of the site that support user input fields. In the 'Find Username' dialog box of the coupon search functionality, researchers found a cross-site… [Continue Reading]