Slickwraps Data Breach Exposes Financial And Customer Info (Feb 21, 2020)
Slickwraps, a mobile device case retailer, has had a data breach exposing customer information. The company claims the data breach includes addresses, email addresses and names of customers. Security researcher Lynx was able to gain access to API credentials, customer photographs, email addresses, employee personal information, passwords, phone numbers, transactions and ZenDesk tickets. Discovering the vulnerability in January, Lynx alerted Slickwraps to the findings, however they were allegedly blocked and did not heed any advice, as the breach occurred after the vulnerability was disclosed.
Recommendation: Leaks of this sort may cause affected individuals to be at a greater risk of phishing attacks. Actors can use this information to craft custom emails to increase their chances of malicious activity being approved by the recipient. Individuals who have accounts associated to this incident should change their passwords as soon as possible, particularly if passwords for said accounts are the same to other online accounts. Individuals should also regularly monitor their credit reports for suspicious activity or consider an identity theft protection service.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.