Any website can be hacked if it has a vulnerability or attackers manage to find a way to control it. They can do this for different reasons, such as distributing malware. In this article, we report on how they managed to hack the official LEGO website. Could you do something similar with other websites? We are going to talk to you about what you can do, as a user, to avoid problems.
In this case, it was a cryptocurrency-related scam. The attackers have taken control of the LEGO website to supposedly promote a fake token of the brand and be able to purchase it through Ethereum. It was nothing more than a scam, a deception to steal money from users.
LEGO website hacked
In this attack, hackers managed to modify the main banner of the website. Instead of simply showing the LEGO logo, they modified it so that the tokens of that supposed cryptocurrency of the brand also appeared. In addition, they included a brief text indicating that the new LEGO cryptocurrency has arrived and that it can be purchased directly on that website.
Of course, someone who enters the official page and sees that banner might think that it really is something legal, reliable, and that the company has decided to sell cryptocurrency tokens. It is not the same as seeing that information on a third-party site, where they could have posted false information. As it is the official website itself, it gives more credibility. The attackers play with that.
The scam is simple: the victim clicks on the banner, lands on a website to supposedly buy those LEGO tokens, and they are actually paying for nothing. They are wasting money on something false, something that does not exist. It really wasn’t a page where card details or personal information were stolen, but rather the scam consists of selling something that doesn’t exist.
According to what they indicate, there have been victims, but it has not been a very successful attacker. There have been a few visitors who have fallen into the trap and bought these fake tokens, losing several hundred euros.
Could it happen on other pages?
The truth is that this could happen on other websites. If that page has a vulnerability, if attackers manage to gain access, they could impersonate the site and start selling something false, insert malicious code to steal data, passwords… Hackers have an opportunity there.
As a user, what you should always do is maintain common sense. Beware of possible false sales that you find online, fraudulent information or sites where they ask you to enter your personal data to later steal it and use it against you. Avoiding making mistakes is going to be key.
It is also good that you use a good antivirus, as well as having everything correctly updated. Make sure you fix any vulnerabilities in the system, as attackers could use them against you. If you are going to use security software, check that it is reliable and install one that works correctly. Protecting your mobile phone as much as possible, as well as any device, is also essential.
