Slickwraps is a company that sells skins for multiple technological devices, including phones, laptops, tablets, and gaming consoles.
The breach was the product of a research program. There are massive amounts of security researchers, also known as white hat hackers, that go through various websites and see how easy it is to hack into them. When Bleeping Computer asked this hacker why they didn’t alert Slickwraps as soon as they penetrated the system, they said, “As a white hat, we want to see how far we can go so we can generate a full report. No point in doing research and reporting the first vulnerability when there’s still 10 others.”
This breach occurred when a security researcher known as Lynx gained access to the company’s internal systems. They contacted Slickwraps and waited; they never received any response, so they disclosed the method of the breach and revealed what information was accessed. While Lynx’s reporting methods leave something to be desired, it appears negligence exposure was the goal.
This breach occurred in February 2020.
The breach has impacted anyone that received a strange email that started with "If you're reading this, it's too late. We have your data." The email went on to explain– somewhat comically– that the people sending the emails out wanted nothing to do with the victims' data; they wanted to alert the victims to the breach so they could be aware and remain safe and cautious.
The breach affected over 300,000 people, as shown in the email. “We’re just using 377,428 emails from their (referring to Skinwraps) customer database to send this mass email (that’s bad!).”