Smartphone skin maker “Slickwraps” got hacked and its customer data has been exposed
If you have ever purchased a skin from Slickwraps you may have received an alarming email today (be sure to check your spam folder). The email, titled “ATTN: ALL SLICKWRAPS CUSTOMERS,” explains that the company was hacked and thousands of users’ information is at risk. If that sounds bad (it is), it gets worse.
That email was actually not sent by Slickwraps, but by someone who was able to access the 377,428 email addresses from their customer database. All of this started when a Medium post by a security researcher on Twitter by the handle @Lynx0x00 went semi-viral. The Medium post (which at the time of publication has been suspended) explains how they were able to hack Slickwraps due to the company’s poor security practices. Lynx was able to gain so much access that they could have essentially “deleted their entire company.”
What’s more important to anyone who has purchased a Slickwraps skin in the past is that customer data was unprotected. Slickwraps eventually sent out an official email that claims that only names, user emails, addresses were exposed, but that passwords or personal financial data were not. This is evident in the first “ATTN” email that was sent, which included the recipient’s address and phone number (which Slickwraps does not mention).
This statement implies that they were only informed of the breach today (February 22nd?), which is not true based on what was revealed in the Medium post. They also claim only information from users who created an account was compromised, but that also doesn’t appear to be true. Slickwraps has closed their databases and they are now partnering with an unnamed third-party cybersecurity firm to improve security.
Slickwraps says more details will follow, but for now, they recommend users reset their passwords. The damage, however, has already been done, both to customers’ personal data as well as to Slickwraps’ reputation. We highly recommend you read the archived version of the original Medium post here to see the entire story of how this unfolded. It doesn’t paint a pretty picture of the company.