Slickwraps Suffers Data Breach After Ignoring Warnings From Security Researcher

Slickwraps, a company that develops skins for Apple devices like the iPhone and Mac, yesterday suffered a data breach that saw customer info like names and addresses leaked.

News of the leak surfaced when hackers who got into the database sent out emails to Slickwraps' customer base of more than 370,000 users letting them know about Slickwraps' poor security.

slickwrapsdatabreachemail
Prior to the breach, Slickwraps was warned of the vulnerabilities in its site (linked to the create a skin feature) multiple times by a security researcher who goes by Lynx on Twitter, who has now deleted all of his tweets.

Lynx informed Slickwraps about the data breach on February 15, and attempted to get in touch with the company several times over the course of the last week, as outlined by an article shared on Medium that has now been suspended by Medium. Lynx had his emails ignored and was even blocked by Slickwraps on Twitter after attempting to inform the site of its security vulnerabilities.

Lynx's interactions with Slickwraps were not exactly polite and he was dealing with customer support staff that were clearly confused about what was going on based on the now-removed Medium article, but Slickwraps blatantly ignored multiple warnings about its poor security before the data breach. Lynx says that he did not send out the emails that were delivered to Slickwraps customers yesterday and that it was a third-party data breach that happened after his article was published, but with his Medium post suspended and all of his tweets deleted, he may be in some hot water for the public way that he disclosed the vulnerabilities in the site.

After the emails went out and customers became aware of the data breach, Slickwraps finally commented on the situation. An initial statement tweeted by Slickwraps (which is based in the United States) claimed to have just heard about the data breach on "February 22" when it was still February 21, which was inaccurate because Lynx documented his attempts to get in touch with the company on Twitter. Slickwraps later deleted the statement and tweeted a new one with the correct date. From Slickwraps' statement:

There is nothing we value higher than trust from our users. In fact, our entire business model is dependent on building long-term trust with customers that keep coming back.

We are reaching out to you because we've made a mistake in violation of that trust. On February 21st, we discovered information in some of our non-production databases was mistakenly made public via an exploit. During this time, the databases were accessed by an unauthorized party.

The information did not contain passwords or personal financial data.

The information did contain names, user emails, addresses. If you've ever checked out as "GUEST" none of your information was compromised.

Slickwraps goes on to say that it is "deeply sorry" for the oversight and promises to "learn from this mistake." It recommends that users reset their account passwords and be watchful for any phishing attempts.

Going forward, Slickwraps says that it will enhance its security processes, improve communication of security guidelines to Slickwraps employees, and make user-requested security features a "top priority." The company says that it is also partnering with a third-party cyber security firm to audit and improve security protocols.

Slickwraps' data breach demonstrates the importance of penetration testing for any site that deals with customer data. Data breaches are pretty much impossible to avoid these days, but customers can protect themselves somewhat by using unique passwords for every site and using two-factor authentication where appropriate.

Popular Stories

ios 19 messages app

Apple Sues Jon Prosser Over iOS 26 Leaks

Thursday July 17, 2025 8:40 pm PDT by
Earlier this year, YouTuber Jon Prosser shared multiple videos showing off what he claimed to be re-created renderings of what was then presumed to be called iOS 19 and which was eventually unveiled by Apple as iOS 26 at WWDC in June. In his first video back in January, Prosser showed off a Camera app redesign with a simpler set of buttons for moving between photo and video modes, and he...
iOS 26 on Three iPhones

Here's When to Expect the iOS 26 Public Beta

Tuesday July 15, 2025 11:07 am PDT by
Apple previously announced that a public beta of iOS 26 would be available in July, and now a more specific timeframe has surfaced. Bloomberg's Mark Gurman today said that Apple's public betas should be released on or around Wednesday, July 23. In other words, expect the public betas of iOS 26, iPadOS 26, macOS 26, and more to be available at some point next week. Apple will be releasing...
iPhone 17 Colors

All 15 New iPhone 17 and iPhone 17 Pro Colors Revealed in Latest Leak

Wednesday July 16, 2025 6:50 am PDT by
We may finally have a definitive list of all color options for the iPhone 17 series, ahead of the devices launching in September. MacRumors concept In a report for Macworld today, Filipe Espósito said he obtained an "internal document" that allegedly reveals all of the color options for the upcoming iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max models. The report includes ...
iPhone 17 Pro Dark Blue and Orange

Ranked: The Best Features Rumored for the iPhone 17 Lineup

Wednesday July 16, 2025 4:17 pm PDT by
We have just under two months to go until the debut of Apple's iPhone 17 models, and rumors have been ramping up in recent weeks. We went through everything we know so far, pulling out the most exciting rumors and highlighting some other changes that aren't going to be so great. Top Tier Ultra Thin iPhone 17 Air - The iPhone 17 Air is 2025's most exciting iPhone rumor, because it's the...
Foldable iPhone 2023 Feature Homescreen

Foldable iPhone's Thickness and Price Range Detailed in New Reports

Wednesday July 16, 2025 11:31 am PDT by
Apple's long-rumored foldable iPhone will likely have a starting price between $1,800 and $2,000 in the U.S., analysts at investment banking firm UBS said this week. If so, the foldable iPhone would cost more than a MacBook Pro, which starts at $1,599. With a starting price of at least $1,800, the foldable iPhone would be the most expensive iPhone model ever released, topping the Pro Max at...
Apple Watch Ultra 2 Complications

Apple Watch Ultra 3: What to Expect

Sunday July 13, 2025 10:30 am PDT by
The long wait for an Apple Watch Ultra 3 is nearly over, and a handful of new features and changes have been rumored for the device. Below, we recap what to expect from the Apple Watch Ultra 3:Satellite connectivity for sending and receiving text messages when Wi-Fi and cellular coverage is unavailable 5G support, up from LTE on the Apple Watch Ultra 2 Likely a wide-angle OLED display that ...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Coming Soon With These 16 New Features

Friday July 11, 2025 12:40 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are only two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models. Latest Rumors These rumors surfaced in June and July:A redesigned Dynamic Island: It has been rumored that all iPhone 17 models will have a redesigned Dynamic Island interface — it might ...
Apple Hornsby

Apple Store Near Sydney Permanently Closing Later This Year

Monday July 14, 2025 6:14 pm PDT by
Apple today said its store at the Westfield Hornsby shopping mall, in Hornsby, Australia, will be permanently closing in October. Apple Hornsby In a statement shared with Australian tech news website EFTM (via Reddit), Apple said that it has decided not to renew its lease at Westfield Hornsby. Apple said all affected retail employees will be given the opportunity to work at Apple's nearby...

Top Rated Comments

twistedpixel8 Avatar
71 months ago
Complacency regarding security in 2020 is inexcusable. If you behave this way with customer data you shouldn’t run a company.
Score: 50 Votes (Like | Disagree)
Dave-Z Avatar
71 months ago

he may be in some hot water for the public way that he disclosed the vulnerabilities in the site.
He made attempts to alert the company, they outright refused to acknowledge him. He then disclosed it publicly. That's literally what every security researcher does.
Score: 24 Votes (Like | Disagree)
primarycolors Avatar
71 months ago
If anyone doesn't know, SlickWraps already had an incredibly sleazy track record. Constant discounts from false prices (false advertising), failing to deliver on orders, failing to respond to customer service, alleged artwork theft... not to mention their ridiculous social media bots posting fake pro-SlickWraps BS on Reddit and mass downvoting anything against them. I unfortunately fell for the fake sales when I didn't know better and got my info in their system...

SlickWraps is a true train wreck company. I'm absolutely enraged yet not surprised by their poor handling of this.

Now, I'm really curious to see what charges they will face from GDPR violations.
Score: 17 Votes (Like | Disagree)
Will Tisdale ? Avatar
71 months ago
I wonder on what grounds Medium ‘suspended’ that researchers post?

I guess that’s yet another reason not to use blogging services like that for anything remotely important.

Also, if the researcher has been ignored and then blocked as appears to have happened, then public disclosure is the only way. I don’t see an issue with it.
Score: 16 Votes (Like | Disagree)
Bkxmnr Avatar
71 months ago
"Fat, drunk, and stupid is no way to go through life son." Ignoring advice from security experts falls under the stupid category.
Score: 16 Votes (Like | Disagree)
Will Tisdale ? Avatar
71 months ago

An important lesson and message companies like Slickwrap are conveying with this: if you find a vulnerability of a service on the internet, never ever disclose it to the owners. You will be deemed the Problem and your behind gets prosecuted to set an example. You make them look bad, you make them do extra work, you piss them off. You need to be silenced.

Instead, sit on that information quietly. Sell the exploit on the black market if you want to profit off it. Get wild, just try not to get caught. You'll be way safer that way.
Yep, it’s a completely irresponsible way of dealing with a report. What’s so wrong or difficult about listening to the researcher, reproducing the issue and fixing it without being an arse about it?

Ignoring someone who is ultimately trying to help is very much a spoilt child mentality.
Score: 13 Votes (Like | Disagree)