The data leak was disclosed last week, on February 21 the company that customer records were accidentally exposed online via an exploit.
Exposed records include names, email addresses, physical addresses, phone numbers, and purchase histories.
“On February 21st, we discovered customer data in some of our non-production databases was mistakenly made public via an exploit. During this time, the databases were accessed by an unauthorized party.” reads the security update published by the company.
The company confirmed that records were accessed by an unauthorized party, but pointed out that exposed data information did not contain passwords or personal financial data.
Data belonging to users that checked out as guests were not exposed.
“The information did contain names, user emails, addresses If you ever checked out as “GUEST” none of your information was compromised.” continues the update.
“Upon finding out about the public user data, we took immediate action to secure it by closing any databases in question”
Even if no passwords were compromised, the company recommends users reset their password and remain vigilant for any phishing attempts.
On February 21, an individual claiming to be the attacker emailed customers impacted in the breach.
The message sent by the attacker included a part of the exposed user data and suggested customers contact the company.
A cyber security expert that goes online with the moniker of Lynx0x00 published a blog post detailing his failed attempts of reporting the vulnerability on Slickwraps’ servers
“A person by the name of Lynx0x00 positioning himself as a
After the Slickwraps was made aware of the incident via Twitter, the popular cyber security expert Troy Hunt was contacted to verify the attacker’s announcement. The expert reported the incident to the FBI, the company identified the exploit and secured the vulnerable servers exposing the customers’ data.
Below the timeline of the security breach:
The exposed records have been added to Have I Been Pwned data breach notification service operated by Hunt.