Login

Register

Login

Register


A popular producer of smartphone skins has suffered a major data breach, compromising the personal details of over 857,000 customers.

Slickwraps issued a breach notification to customers last Friday, claiming that data in “some of our non-production databases was mistakenly made public via an exploit,” and then accessed by an unauthorized third party.

In fact, what appears to have happened is that a security researcher going by the moniker “Lynx” on Twitter discovered a vulnerability in the Slickwraps website and then publicly disclosed it to the firm via the social media site, before writing up the findings in a Medium post. Both have since been deleted.

Before the firm had time to respond, it seems that hackers stepped in to exploit the bug and access the customer data, according to Android Police. They subsequently emailed users to inform them their data was now compromised.

According to notification site HaveIBeenPwned?, 857,611 unique email addresses were compromised in the breach, belonging to customers and newsletter subscribers. Also included were names, physical addresses, phone numbers and purchase histories.

Slickwraps assured users that if they checked out as “guest” their details are safe. It added that no passwords or financial data were stolen, but recommended customers change their passwords anyway out of precaution.

Jake Moore, cybersecurity specialist at ESET, warned that hackers can still do a lot of damage, even with a list of emails and names.

“The biggest risk is via brute force attacking the accounts, where criminals use leaked common password combinations against the emails to try and break into other personal accounts. A large number of people still use predictable or simple passwords,” he explained.

“Together with recent high-profile breaches, many people’s passwords are also readily available on the dark web, so it quickly becomes just a simple exercise for cyber-criminals to join the dots. The threat this poses is then increased, as many people use the same passwords across multiple accounts.”



____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW