October 7, 2019

Hacker to 5 Million Victims: “Get Outside More”

"People now are spending too much time looking at screens"

By CBR Staff Writer

A hacker who gained access to online retailer TOMS’ mailing list has used the breach to give its claimed five million subscribers some unsolicited life advice.

His message (subject: TOMS hacked by nice man): “Hey you, don’t look at a digital screen all day, theres [sic] a world out there you’re missing out on :)”.

Worryingly for customers, the hacker appears to have gained access to far more than the mailing list: he tweeted a screenshot of customer order details.

He told customers on Twitter “full credit card details aren’t shown. Just most of the account number (10 digits). Still bad for sure, but it could be worse.”


The hacker responsible, “Nathan”, told Computer Business Review in a Twitter DM that he had hacked the servers of the US-based company and social enterprise some time ago but, lacking pecuniary motives, had not found a use for the access (“it’s beyond f****d up to sell people’s private information on the internet”, he told us).

TOMS Hacked. Company “Looking Into the Matter”

TOMS said: “We are aware of unauthorized activity through our communications channels including email and social media. We are actively looking into the matter. In the meantime, please do not click on any links or reply to it.”


It was not immediately clear whether the company had notified the ICO, as the GDPR’s 72-hour breach-notification rule would require if UK or EU subscribers’ personal data was affected. Computer Business Review has yet to hear from the company.

“Nathan” said: “With a busy life and no malicious intent, it was pretty useless for me to have them hacked. By this point responsible disclosure is not an option. So I thought I might as well send out a message I believe in just for fun.”

Why TOMS, and how did he do it?

“An easy pop. No grudges or anything like that against TOMS. I had access to their internal network along with many many machines on it. Much more information was in the databases running on those servers which I also had access to… Dear TOMS, sorry for hacking you guys. No hard feelings pls?”

He declined to answer questions on how he gained access, saying that is “gonna have to be a secret”.

He added: “I feel like people now are spending too much time looking at screens like I once did. There’s plenty more to experience out there in the world to enjoy. Life happens too quick when you look at a screen. It’s like life gets put on fast forward. My message was hopefully reaching those teenagers and even adults who are addicted to their smart devices. Hoping to trigger some people to have a self realization/epiphany.”

While it is just possible that some of the five million TOMS subscribers will get a lift from the message, others will be worrying that their account and order data is also exposed. Meanwhile, as the hacker puts it: “TOMs needs some better security”.

