- The leaked information included names, email addresses, physical addresses, phone numbers, and purchase histories of the customers.
- Any data entered as “Guests” were not exposed.
Slickwraps, a Kansas-based mobile device case retailer, suffered a security breach that impacted hundreds of thousands of customers. The firm realized the breach only after researchers failed to get in touch with the right authority and publicly disclosed the incident.
What happened?
- The data leak was disclosed last week on February 21.
- A group of researchers exploited security vulnerabilities in the systems of Slickwrap and found that it was exposing 850,000 user accounts.
- The leaked information included names, email addresses, physical addresses, phone numbers, and purchase histories of the customers.
Company published security update read, “On February 21st, we discovered customer data in some of our non-production databases was mistakenly made public via an exploit. During this time, the databases were accessed by an unauthorized party.”
Post-breach analysis
- The firm confirmed that the records were accessed by an unauthorized party.
- It also said that the exposed data did not contain passwords or personal financial data of the customers.
- Any data entered as “Guests” were not exposed.
“Upon finding out about the public user data, we took immediate action to secure it by closing any databases in question,” the update reads further.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/bb7f_shutterstock_660345646.jpg)
/https://cystory-images.s3.amazonaws.com/shutterstock_716818132.jpg)
