You might want to avoid buying stuff from SlickWraps (Update: Company response)

This might be the most over-the-top example of a data breach in history.

You might want to avoid buying stuff from SlickWraps (Update: Company response)
SlickWraps Update, February 21, 2020 (02:55 PM ET): This whole SlickWraps thing just got more intense. First, Lynx’s Twitter account was temporarily suspended (it’s back now though). However, the Medium blog post that details all the information about the hack has been removed. Then, the CEO of SlickWraps posted a response to the breach (via Kellen from Droid-Life). The message, which you can read here, is deeply apologetic. However, it’s strange because it not only came from one of the hacked email accounts but also is dated in the future — the date February 22 is cited numerous times in the letter. SlickWraps is a US-based company, so it is definitely not February 22 for the brand. As of now, the company is still open for a business and its website is active. Who knows how long that will last though, as now any hacker could literally destroy the company at any moment. Original article, February 21, 2020 (01:58 PM ET): Data breaches happen quite often nowadays. Usually, though, they involve various amounts of user data leaking to the so-called “dark web” and then people getting into an uproar. However, the SlickWraps data breach publicized today might be the most over-the-top breach ever. A hacker going by the name Lynx not only gained access to customer information on SlickWraps but gained control over the entire business. In a very long and very thorough report on the Lynx Medium blog, the hacker proves they could have, quite literally, erased every single aspect of the company’s business. Lynx was able to do this because of the “abysmal” security checks in place surrounding all aspects of SlickWraps. Through some simple hacking that even I fully understand, Lynx was able to gain complete control over the following: All admin account details, including password hashes. All current and historical customer information including addresses, emails, phone numbers, and transaction histories. API credentials for PayPal Payments Pro and Braintree, which process credit card payments. API credentials for ShipHero, its warehouse management system. API credentials for SlickWraps social accounts, including top-level access to its Facebook, Twitter, and Instagram accounts. In the words of Lynx: “At this point, I could have deleted their entire company.” After gaining all this access, Lynx attempted numerous times to contact SlickWraps to let the company know it had a big problem. However, the company continually ignored Lynx, even going so far as to block them on Twitter. Lynx only decided to go public with the data breach after exhausting all other options. If you’re interested, read Lynx’s entire report here. In the meantime, we recommend not buying anything from SlickWraps if you want to avoid your financial data getting stolen. More posts about Cybersecurity Huawei lashes out at US government, calls backdoor allegations illogical Hadlee Simons 1 week ago Deal: Become a cybersecurity specialist for just $29.99 AA Picks 1 month ago If you use Firefox browser you need to update it right now Phillip Prado 1 month ago Become a certified cybersecurity superhero for just $39 AA Picks 2 months ago Train as a certified cybersecurity specialist for under $35 AA Picks 2 months ago Black Friday deal: Specialize in cybersecurity for just $12 AA Picks 3 months ago Deal: Become a certified cybersecurity specialist Savumin 3 months ago Watch Edward Snowden detail how phones are used to spy on you Hadlee Simons 4 months ago Learn to become a certified cybersecurity superhero for just $23 AA Picks 4 months ago Do you know what “https://” means? Pew survey proves most Americans don’t. Phillip Prado 4 months ago