There is nothing we value higher than trust from our users. In fact, our entire business model is dependent on building long-term trust with customers that keep coming back.
We are reaching out to you because we’ve made a mistake in violation of that trust. On February 21st, we discovered customer data in some of our non-production databases was mistakenly made public via an exploit. During this time, the databases were accessed by an unauthorized party.
The information did not contain passwords or personal financial data.
The information did contain names, user emails, addresses If you ever checked out as "GUEST" none of your information was compromised.
Upon finding out about the public user data, we took immediate action to secure it by closing any databases in question.
As an additional security measure, we recommend that you reset your Slickwraps account password. Again, no passwords were compromised, but we recommend this as a standard safety measure. Finally, please be watchful for any phishing attempts.
We are deeply sorry for this oversight. We promise to learn from this mistake and will make improvements going forward. This will include enhancing our security processes, improving communication of security guidelines to all Slickwraps employees, and making more of our user-requested security features our top priority in the coming months. We are also partnering with a third-party cybersecurity firm to audit and improve our security protocols.
Timeline of Events
Contacted by an individual claiming to have access to customer data via a Twitter post. These posts were not immediately seen and once seen, contact was made with the individual by our social team.
After receiving said message, contact was made to Troy Hunt @troyhunt on February 20th, 2020, to verify the users' authenticity.
February 20th, 2020 - FBI were notified of the possible threat, and our security team began looking into a potential breach.
February 21st, 2020 - The attacker has emailed customers connected to the breach. Has publicly stated no data was stored and all deleted.
February 21st, 2020 - FBI has opened an investigation with DA approval.
February 21st, 2020 - The exploit was repaired and all data is secured. We are currently working with a 3rd party cybersecurity team for continued analysis.
More details will follow, and we appreciate your patience during this process.
CEO @ Slickwraps