API flaws in a widely used Lego online marketplace could have allowed attackers to take over user accounts, leak sensitive data stored on the platform, and even gain access to internal production data ...