Friday, February 21, 2020

Yeesh, you might want to avoid ever buying anything from SlickWraps

Data breaches happen quite often nowadays. Usually, though, they involve various amounts of user data leaking to the so-called "dark web" and then people getting into an uproar. However, the SlickWraps data breach publicized today might be the most over-the-top breach ever.

A hacker going by the name Lynx not only gained access to customer information on SlickWraps but gained control over the entire business. In a very long and very thorough report on the Lynx Medium blog, the hacker proves they could have, quite literally, erased every single aspect of the company's business.

Lynx was able to do this because of the "abysmal" security checks in place surrounding all aspects of SlickWraps. Through some simple hacking that even I fully understand, Lynx was able to gain complete control over the following:

  • All admin account details, including password hashes.
  • All current and historical customer information including addresses, emails, phone numbers, and transaction histories.
  • API credentials for PayPal Payments Pro and Braintree, which process credit card payments.
  • API credentials for ShipHero, its warehouse management system.
  • API credentials for SlickWraps social accounts, including top-level access to its Facebook, Twitter, and Instagram accounts.

In the words of Lynx: "At this point, I could have deleted their entire company."

After gaining all this access, Lynx attempted numerous times to contact SlickWraps to let the company know it had a big problem. However, the company continually ignored Lynx, even going so far as to block them on Twitter. Lynx only decided to go public with the data breach after exhausting all other options.

If you're interested, read Lynx's entire report here. In the meantime, we recommend not buying anything from SlickWraps if you want to avoid your financial data getting stolen.

from Android Authority https://ift.tt/2Pe9wAe
via IFTTT
