Slickwraps
| Primary URL | Location | Industry | slickwraps[.]com |
Country
United States of America
|
Retail
|
|---|
Profile
Slickwraps, also known by its alias, operates as a mobile device case retailer. The company’s headquarters is located in the United States of America. Slickwraps provides customers with the ability to customize mobile device cases through an upload script. This customization feature allows users to submit personal images or designs for printing on purchased cases. On January 1, 2020, a security researcher identified a path traversal vulnerability in the customization upload script. Exploiting this vulnerability, the researcher gained unauthorized access to Slickwraps’ internal systems.
Despite multiple attempts by the researcher to notify the company, Slickwraps initially ignored the communications and blocked further contact. Subsequently, an unrelated actor leveraged the compromised ZenDesk system to send breach notification emails to over 377,000 customers. Those emails directed recipients to the researcher’s findings about the vulnerability and data exposure. The breach exposed hashed passwords, email addresses, phone numbers, physical addresses, transaction records, employee resumes, and approximately nine gigabytes of personal photos. The researcher later supplied the stolen data to a third‑party breach notification service. In response, Slickwraps’ chief executive officer publicly acknowledged the incident and issued an apology.
