Lego website hacked – showed advertising for crypto scam

Sicherheit (Pexels, allgemeine Nutzung)[German]Unknown actory have succeeded in hacking the Lego website. For some time, the website displayed advertisements for crypto-assets with a scam in the background. However, Lego has since restored the website and prevented the attackers from accessing it.

I came across the issue via the following tweet, which happened on Friday and Saturday.  The hack took place on October 4, 2024 (US time, in Europe it was already October 5, 2024), and was noticed by the Lego community on reddit.com.

Lego Webseite gehackt

Unknown actory advertised a Lego Coin very convincingly on the Lego website (see screenshot below). Anyone who clicked on the logo on the website ended up on a scam page for investing in this fictitious Logo Coin crypto money.

Lego-Krypto-Scam-Anzeige

Of course, this crypto money does not exist. On reddit.com, it says that the Lego website was altered on October 4, 2024 at around 9 p.m. EDT (U.S. Eastern Standard Time). The Lego.com website shows the above message about a new crypto coin supposedly being launched by Lego. Links to would have referenced a cryptocurrency website.

It was immediately clarified and warned by the reddit.com thread creator: Lego will not issue a cryptocurrency! The ad on the Lego website is a scam and users should not fall for it.

The poster warned members of the sub-reddit: "For now, I would stay away from Lego.com until we get confirmation from Lego that the site is fixed." The community reported the hack to Lego as soon as it was noticed. On reddit.com, registered users of the leogo.com website were advised to change their password as a precautionary measure.

Lego then took the compromised website offline and restored it. Engadget reported on the matter in this article. Lego told this medium that no user accounts had been compromised. The lego.com website had been restored to its original state and the cause of the hack had been identified. Measures have been taken to prevent this from happening again. Here is the statement from Lego to Engadget:

On October 5, 2024 (October 4 evening in the US), an unauthorized banner briefly appeared on LEGO.com. It was quickly removed and the issue was resolved. No user accounts were compromised and customers can continue to shop as usual. The cause has been identified and we have taken steps to prevent this from happening again.

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *