• Vinyl maker for electronic devices Slickwraps recently informed its customers that its official website was hacked
  • Slickwraps claimed that over 377,000 customers data were compromised, but passwords and credit card information are safe
  • According to a security researcher, the company has been repeatedly warned about a massive vulnerability on its website but ignored the warnings and even blocked their Twitter account

Those who have an account with Slickwraps might want to change their passwords immediately. The vinyl skin maker for various electronic devices, including smartphones, tablets, gaming consoles, and computers, revealed earlier today that its official website was hacked. According to a security researcher, the company has been warned about this possibility earlier.

Slickwraps sent emails to its customers, notifying them of the current situation of its official website. The company claims that an unauthorized party was able to hijack the private databases of the company and got customers’ names, addresses, and email addresses. Slickwraps says that customers’ credit card information and passwords were not compromised.

The company also assures its customers that it has learned from its mistakes and would make several improvements. It promises to improve its security processes and would work with a third-party cybersecurity firm to audit security protocols. However, it appears that the scale of the breach is much more than Slickwraps is letting on.

18 million accounts were stolen from music sharing site 8tracks. Hypnoart/Pixabay

It seems that Slickwraps has been repeatedly warned about the vulnerability on its website in the past. This was revealed on Twitter by a security researcher named Lynx. According to the security researcher, they already warned Slickwraps several times over the past days.

It turned out that Slickwraps ignored their warnings. The security researcher also revealed that the company even went as far as blocking their Twitter account. The security researcher later shared the breach in a post in Medium that the platform already deleted.

It appeared that someone used the information in the Medium post to gain access to the databases and email of all the 377, 428 Slickwraps customers. The attackers blasted emails to these customers, informing them about the website breach long before Slickwraps has issued a statement.

A few days ago, the Twitter account of the security researcher named Lynx was temporarily suspended. It appears to be back now, though. The response of the Slickwraps CEO about the breach was shared by Droid-Life’s Kellen, which adds more confusion. The response was dated Feb. 22, but at the time that it was released, it was just Feb. 21.

For those who are not sure if their accounts were included, the best thing to do is to change passwords asap. Also, the hacked databases were recently uploaded to Have I Been Pwned. The service claimed that the breach affected over 857,000 accounts and not 377,000.