SlickWraps data breach

[RafaelSoaresP]

So, I just received this email with my valid (altough old) home address.

 

This is the link with the whole story.

 

https://medium.com/@lynx0x00/i-hacked-slickwraps-this-is-how-8b0806358fbb (link was taken down, here's a copy http://archive.is/yEIJT ) 

 

It actually seems pretty bad.

[FakeCIA]

Slickwraps was unsecured to begin with and they are super sketchy. There's a reason dbrand calls em out all the time for using bots on Twitter.

[FakeCIA]

1 hour ago, 404usrnmntfnd said:

Yeah. I was reading the medium article. Holy shit. Fuck Slickwraps.

Definitely agree with that. If you want a skin for your phone, just go with dbrand. They're safe and you know you can trust em enough. I don't even know who owns Slickwraps or who works there.

[Tieox]

Oh this should be explosive

 

[RonnieOP]

I dont understand how slickwraps is even still around.

 

They had a sale a while back and i ordered 4 skins. Took 2.5 months to get them and 1 was missing and 1 was the wrong skin.

 

During that 2.5 month waiting period their CS was useless. 2 months in i tried to just cancel the order and they refused. Then they refused to fix the order when i got it.

 

Ended up just filing a claim with my bank and getting my money back and swore never to use them again.

[FakeCIA]

 

Most of the people who replied or retweeted this tweet of theirs, specifically, all had the same variation of "That's cool" or "I want one." They're literally using bots or having multiple people drive up attention. After checking out the most repetitive of these, they only reply to Slickwraps and dbrand. Most of these are probably the same person with how similar the language and grammar are. Also, that picture is pretty much a copy of dbrand's marketing strategy.

[Duskie]

That’s insane, I was considering getting a skin from them but I went with dbrand in the end. Good thing I did!

[RafaelSoaresP]

Looking at the pentest report, the whole thing is absolutely insane! 

https://files.catbox.moe/fxn9r2.pdf

[FakeCIA]

I'm lurking through their Twitter. Nearly every profile that has posted pictures or has commented on the value of their product exhibits the same language and behavior. They also all joined Twitter close to the same times in various groups from 2010, 2015, 2017, and January 2020. They also only reply to dbrand and follow Slickwraps. I'm gonna keep lurking cause I think this is hilarious that they are this desperate.

[RafaelSoaresP]

https://www.androidpolice.com/2020/02/21/slickwraps-has-been-hacked-customer-data-is-compromised/

[That Franc]

The timing on that couldn't have been any greater. At the time of the posting me and my friend were contemplating getting custom-designed skins from them and fiddling with the design tool. And then I saw the news.

[FakeCIA]

1 hour ago, That Franc said:

The timing on that couldn't have been any greater. At the time of the posting me and my friend were contemplating getting custom-designed skins from them and fiddling with the design tool. And then I saw the news.

Sometimes cheaper is not always better.

[Velcade]

SlickWraps hacked by DBrand in a viral marketing shitstorm  /s

[RafaelSoaresP]

The OP of the article said he's not the one who sent the emails!

This means there were multiple acesses to their platform!
 

 

[greenmax]

16 minutes ago, FakeCIA said:

I'm gonna keep lurking cause I think this is hilarious that they are this desperate.

Making money is a desperate motive.

Nothing wrong with it. Some could call it a smart move. No different then clickbait titles and clickbait thumbnail pictures which is desperate.

[Blademaster91]

1 minute ago, greenmax said:

Making money is a desperate motive.

Nothing wrong with it. Some could call it a smart move. No different then clickbait titles and clickbait thumbnail pictures which is desperate.

I'd consider using twitter bots really desperate, and according to the article Slickwraps took artwork without paying for it, also banning customers from replying on twitter for asking about an order. Having customer service that bad and not even having basic site security is pretty shady, I considered buying a skin from them but glad I didn't.

[greenmax]

7 minutes ago, Blademaster91 said:

 

7 minutes ago, Blademaster91 said:

also banning customers from replying on twitter for asking about an order.

There are other places to bitch and moan and complain about companies, like on linus forum.

 

7 minutes ago, Blademaster91 said:

according to the article Slickwraps took artwork without paying for it

That is why the owners of the artwork need to take action. Its apart of the game. Small fish vs bigger fish, and literally doesnt mean big fish, just a fish bigger then the other, by say 1cm bigger or 100grams bigger, it dont matter, its business. I agree its a shitty move to steal someones work. Is slickwraps a chinese company? LOLOLOLOL

 

 

7 minutes ago, Blademaster91 said:

I'd consider using twitter bots really desperate,

To each their own, but its quite normal. I wonder how easy it is to set something like that up, and how time consuming it is. Then is it easy for the average person to see what the responders have responded to before, if so then all responses too slickwraps would be easily noticed by average joes.

 

7 minutes ago, Blademaster91 said:

Having customer service that bad

Again, people could complain in other formats online and a simple quick internet search would reveal the issues. I agree its totally shitty, and most people wouldnt reach out to complain on a forum as its too much work involved in setting up an account. Which comes down to losing $5 or losing $500, you lose $5 you shrug your shoulders and say oh well. But lose $500 and sure enough more effort is put into exposing.

 

 

7 minutes ago, Blademaster91 said:

not even having basic site security is pretty shady,

Is it easy for the viewers to see how lax the security is. Like no lock symbol on the links address line

[Lurick]

They "found" the breach themselves and "fixed" it today, LOL

 

 

 

[Duskie]

Medium article has been taken down, a bit too late for that now ;’)

[RonnieOP]

1 hour ago, FakeCIA said:

 

Most of the people who replied or retweeted this tweet of theirs, specifically, all had the same variation of "That's cool" or "I want one." They're literally using bots or having multiple people drive up attention. After checking out the most repetitive of these, they only reply to Slickwraps and dbrand. Most of these are probably the same person with how similar the language and grammar are. Also, that picture is pretty much a copy of dbrand's marketing strategy.

Iirc slickwraps had a bunch of bots go and downvote Nerd on a Budgets videos after he made a video talking about slickdeal bots trying to skew a poll he made about what skin company to use on twitter.

 

 

[Delicieuxz]

General tip: When hearing about new data breaches, it's helpful to check if they've already been added to Wikipedia page List of data breaches - and if they haven't, to add them.

[SpaceGhostC2C]

1 hour ago, FakeCIA said:

If you want a skin for your phone, just go with dbrand. They're safe and you know you can trust em enough.

How do we know this? What do I know about dbrand data management practices or back-end security?

 

Up until today, we didn't have any worse or better information on these fronts about any of these companies (fair to say, I hadn't heard of slickwraps' existence at all, while I only know dbrand because they advertise in LTT ), so there wasn't any company "we knew we could trust" more than any other when it comes to data protection.

Or was there any publicly available information on how these companies managed customer data before this news broke out?

[greenmax]

12 minutes ago, RonnieOP said:

slickwraps had a bunch of bots go and downvote Nerd on a Budgets videos after he made a video talking about slickdeal bots trying to skew a poll he made about what skin company to use on twitter.

Sounds desperate

 

 

 

 

[RafaelSoaresP]

28 minutes ago, Flitter said:

Medium article has been taken down, a bit too late for that now ;’)

http://archive.is/yEIJT

Here's a copy

 

[RonnieOP]

23 minutes ago, SpaceGhostC2C said:

How do we know this? What do I know about dbrand data management practices or back-end security?

 

Up until today, we didn't have any worse or better information on these fronts about any of these companies (fair to say, I hadn't heard of slickwraps' existence at all, while I only know dbrand because they advertise in LTT ), so there wasn't any company "we knew we could trust" more than any other when it comes to data protection.

Or was there any publicly available information on how these companies managed customer data before this news broke out?

Tbh you shouldnt really trust any company for the long haul.

 

Its a cat and mouse game. Hackers are never going to stop evolving and neither are security engineers. A company thats safe today could be hacked tomorrow by an exploit that has never been seen before.