Nathan: An attacker that wanted to be known as Nathan according to Vice, has managed to breach the email for the shoe company Toms. As opposed to most threat actors trying to make the lives of their victims harder, this one particular actor had some kind words to share. The email that they sent to the customers of Toms read, “Hey you, don’t look at a digital screen all day, there’s a world out there that you’re missing out on.” Nathan goes on to explain that he has had Toms breached for some time, but his life has been so busy that he has had no time to do anything and that he had no intent to use the breach for malicious purposes. After having the information for so long, he decided it was past the allotted time to reasonably disclose the information to Toms, so instead, he decided to spread a message that he felt was important, while at the same time informing Toms about the faulty security. Nathan would not go into the details of how they managed to steal the information but did leave a message to other attackers, calling them criminals and asking how they can sleep at night. Toms is aware of the breach but does not believe any information was stolen.
Analyst Notes
Companies should consider implementing “Responsible Disclosure” guidelines clearly stated on the company website. These guidelines tell security researchers how to inform the company of any security problems that they have observed or discovered. Some companies even offer a monetary reward, called a “bug bounty” for responsibly reported security information.
