What You Need to Know About Slickwraps Data Hacking
If you’ve ever adorned your laptop or smartphone with a pretty custom vinyl skin, chances are you got it from Slickwraps – or at least heard of the popular pre-made and custom skin creator. Unfortunately, Slickwraps recently experienced a data breach that affected over 857,000 accounts. If you’ve ever bought from them in the past or created an account with the service with the intention of doing so, here’s what you need to know.
Keep your passwords and personal financial data safe
Attackers exploited a vulnerability in the configuration of the Slickwraps server to access client databases. Some of those who have done this have tried to be helpful by emailing Slickwraps clients that their data is now in the public domain, but there is no way of knowing who got their hands on these databases and what they are planning with them. make. …
A small positive side of this violation is that your financial information is protected if you have saved it on the Slickwraps site. And your passwords are fine too, although that shouldn’t matter, as discerning Lifehacker readers have already taken our advice and have set strong unique passwords for every site and service they use. According to an email sent from Slickwraps after the hack:
“… on February 22nd, we discovered that information in some of our non-production databases had been mistakenly released to the public using an exploit. At this time, an unauthorized party got access to the databases.
The information did not contain passwords or personal financial data. “
About your address …
The data contained in the available databases included customer names, email addresses, and physical addresses. While this is probably not enough to upset someone, it makes you more vulnerable to potential phishing attempts. It’s also likely that this data, combined with data from other breaches, is all an attacker would need to create a new account or service for you – or worse, recover your password in a separate service or convince a customer. that the support agent that they are you.
Otherwise, there is little that can be done in this case. While I don’t think you need to lose your temper and start setting up a credit freeze, using free credit monitoring doesn’t hurt as a standard response to any irregularities. It won’t help you if someone can link your address to email, but it’s a decent universal gesture for moments like this.
Your best answer, besides using any means of protecting your browser from fake websites, is to combine a powerful ad blocker with some common sense. If (or when) you receive an uninvited email or message asking you to do something, especially if it contains some personal information about you that you find funny – for example, your address accidentally inserted into a request – please refer to this is skeptical.
Think before answering with the information he wants (if at all). Please email or call separately to confirm this is a legitimate offer. Do not give out your credit card information, social security number, or other sensitive information unless you have verified that you are not being targeted by phishing. As always, check the URLs when you click on a website link to make sure you are not sending your personal information to a scammer and not, say, your bank.
And that almost goes without saying, but reset your Slickwraps password. Even though the passwords have not been stolen, this is one of the first things you should do when a data incident occurs on any site or service you use.
You can be safe depending on how you shop at Slickwraps
Here’s one quirk of the Slickwraps database hack: if you’ve purchased from the company but signed up as a guest, instead of creating an account, you’re fine. At the same time, no information about you as a result of hacking happened. Likewise, if you create an account after February 22nd, it will be clear to you as well.
How to check if your account has been harmed
Slickwraps (or those accessing its database) should have sent you a message to indicate that your information was affected by a violation. If you haven’t received this email, or just want to be sure, you can use Have I Been Pwned? to check if your credentials were in the leaked database.
However, given that Slickwraps was allegedly informed of the security flaws well before the database leak, you may want to reconsider where you will buy device skins in the future. Being cyberattacked is one thing; Another thing is to ignore those who are trying to help you fix your databases before the violation occurs, and then ask for forgiveness after that.