Slickwraps, the manufacturer behind the vinyl skins for Apple devices and other gadgets, disclosed on Saturday, Feb 22, that it had been hit by a data breach that compromised more than 850,000 user accounts.
In a tweet, the retailer revealed that its non-production database had been exposed “via an exploit.” According to the report, on Feb 21, an unauthorized party was able to access the database and obtain customer names, emails, and addresses.
Before the announcement, news of the leak had already been circulating after Slickwraps customers received an email from the alleged hackers. An unauthorized user sent the email to 377,428 customers via Slickwraps’ ZenDesk help desk system.
In the email, the hackers said they were able to access the private database after reading a Medium article in which a certain @Lynx0x00 revealed the vulnerability in January 2020.
“ANYBODY can do what we just did, and they might do something really shitty with the same data we took,” the email read.
A day after the email was sent, Slickwraps notified customers about the incident via a blog post.
“There is nothing we value higher than trust from our users. In fact, our entire business model is dependent on building long-term trust with customers that keep coming back,” Slickwraps CEO Jonathan Endicott said. “We’ve made a mistake in violation of that trust.”
The company, however, clarified that no passwords or personal financial data had been exposed in the incident. Customers who checked out as guests were also said not to have been affected by the breach.
“Upon finding out about the public user data, we took immediate action to secure it by closing any database in question,” Endicott continued.
“As an additional security measure, we recommend that you reset your Slickwraps account password. Again, no passwords were compromised, but we recommend this as a standard safety measure. Finally, please be watchful for any phishing attempts.”
When asked by Bleeping Computer about the incident, Lynx, who had first written about Slickwraps’ poor security in a Medium post, claimed that they were not the people behind the breach. However, they said they had identified traces of other unauthorized users on Slickwraps’ website.
“I saw some activity during my research, maybe they’re the same people who sent out the emails? No clue to be honest,” Lynx explained.