In an email sent to customers this morning, Slickwraps says an "unauthorized party" accessed its private databases, and obtained customer names, emails and addresses. Slickwraps claims passwords and credit card information weren't compromised.
"We are deeply sorry for this oversight. We promise to learn from this mistake and will make improvements going forward. This will include enhancing our security processes, improving communication of security guidelines to all Slickwraps employees, and making more of our user-requested security features our top priority in the coming months," the company said. "We are also partnering with a third-party cybersecurity firm to audit and improve our security protocols."
However, the scale and severity of the breach could be much more significant than Slickswraps is letting on. According to a security researcher who goes by the Twitter handle of Lynx, they reportedly tried to warn the company multiple times over the last several days about a massive vulnerability to their website. What's worse, they claim all of their messages were ignored by Slickwraps. At one point, the company even went so far as to block Lynx's Twitter account. Eventually, Lynx disclosed the breach in a Medium post that they've since deleted. Someone then used the information in the post to access the databases and email all of Slickwraps' 377,428 customers, letting them know of the breach before the company had said anything about it.
In whatever way the scenario actually played out, it highlights just how frequent these types of breaches have become in recent years. As an individual, it's hard for you to know when a website you've used in the past may get hacked, but by taking a couple of simple precautions you can minimize the effects on your online privacy.