Yeesh, you might want to avoid ever buying anything from SlickWraps - Android

SlickWraps

Data breaches happen quite often nowadays. Usually, though, they involve various amounts of user data leaking to the so-called “dark web” and then people getting into an uproar. However, the SlickWraps data breach publicized today might be the most over-the-top breach ever.

A hacker going by the name Lynx not only gained access to customer information on SlickWraps but gained control over the entire business. In a very long and very thorough report on the Lynx Medium blog, the hacker proves they could have, quite literally, erased every single aspect of the company’s business.

Lynx was able to do this because of the “abysmal” security checks in place surrounding all aspects of SlickWraps. Through some simple hacking that even I fully understand, Lynx was able to gain complete control over the following:

• All admin account details, including password hashes.
• All current and historical customer information including addresses, emails, phone numbers, and transaction histories.
• API credentials for PayPal Payments Pro and Braintree, which process credit card payments.
• API credentials for ShipHero, its warehouse management system.
• API credentials for SlickWraps social accounts, including top-level access to its Facebook, Twitter, and Instagram accounts.

In the words of Lynx: “At this point, I could have deleted their entire company.”

After gaining all this access, Lynx attempted numerous times to contact SlickWraps to let the company know it had a big problem. However, the company continually ignored Lynx, even going so far as to block them on Twitter. Lynx only decided to go public with the data breach after exhausting all other options.

If you’re interested, read Lynx’s entire report here. In the meantime, we recommend not buying anything from SlickWraps if you want to avoid your financial data getting stolen.

More posts about Cybersecurity

Huawei lashes out at US government, calls backdoor allegations illogical

Hadlee Simons 1 week ago

Deal: Become a cybersecurity specialist for just $29.99

AA Picks 1 month ago

If you use Firefox browser you need to update it right now

Phillip Prado 1 month ago

Become a certified cybersecurity superhero for just $39

AA Picks 2 months ago

Train as a certified cybersecurity specialist for under $35

AA Picks 2 months ago

Black Friday deal: Specialize in cybersecurity for just $12

AA Picks 3 months ago

Deal: Become a certified cybersecurity specialist

Savumin 3 months ago

Watch Edward Snowden detail how phones are used to spy on you

Hadlee Simons 4 months ago

Learn to become a certified cybersecurity superhero for just $23

AA Picks 4 months ago

Do you know what “https://” means? Pew survey proves most Americans don’t.

Phillip Prado 4 months ago