The Popular smartphone and electronic skin maker Slickwraps has got into a data breach issue. The company that provides a new look to the devices now seems to have provided customer information. The data breach occurred a few days back but recently the company was informed about it. The issue reached a bigger level when a Security Researcher reached out to the CEO. Let’s learn the full details.
Slickwraps Data Breach Exposed Customer Information
The Choas occurred when suddenly some of the Slickwraps users got an email from the company with a ‘SlickHacked’ image. It stated that ‘we have your data’ and also revealed that it is a mass email to some of the clients.
— Toneman (@Toneman) February 21, 2020
The email came from [email protected] and made users aware that anyone can hack and acquire data. The sender also said that they accessed Slikwraps data by reading a post from a twitter account named Lynx0x00. The Twitter account also had ‘Security Researcher, White Hat Hacker, Not Axe’ in the bio. Sadly, the account has now been deleted.
Someone did archive the post and it revealed that the Twitter post shared that the Slickwraps skin customization page had a vulnerability. Anyone can have uploaded a file to any directory on the company server. Lynx0x00 also mentioned that someone has already made use of it and accessed several customers’ data, current employee data, billing addresses, emails, shipping details, and even phone numbers.
The weird thing about this is that the user Lynx0x00 did try to contact Slickwraps but they didn’t reply and ended up blocking the user. This made everyone think that Slickwraps might actually have security flaws and they are just ignoring.
Lynx0x00 ended up in the Dm’s of the company and finally, they responded. The company asked about the bounty money but the user said to unblock him and later mentioned everything in the direct message.
The company then said that it has a different social team and it is run by a third party. Therefore, the user Lynx0x00 finally emailed the CEO of the company and the issue was addressed. For security, Slickwraps again blocked Lynx0x00.
A message from Slickwraps to our customers pic.twitter.com/z9huO9oN88
— Slickwraps (@SlickWraps) February 25, 2020
Now, just recently, the company itself apologized for the data breach and said that it has been fixed. Now, the issue is in the hands of the cybersecurity team and the FBI is also working on the case.