Popular retailer Toms Shoes has informed customers via email that on 6th October, an unidentified hacker gained access to its communication channels such as email and social media channels but the intrusion did not impact customers' credit card data or their email addresses.
News of the breach first arrived on Sunday when Toms Shoes announced on Twitter that it was aware of "unauthorised activity" throughout its communication channels, including email and social media, and advised customers not to click on any links or reply to any communications that originated from its media channels.
Earlier today, the company released a more detailed statement and also sent emails to customers advising them about the cyber incident, stating that an individual gained access to its account in a third-party system and proceeded to send an unauthorised email to the TOMS community.
It added that immediate steps were taken to deactivate the account after the unauthorised access was detected. There is also no evidence that that credit card data was accessible or that TOMS' marketing customer email list was downloaded by the hacker.
"We are working diligently with our technology providers around the world as we continue to evaluate the incident," Toms Shoes added.
Hacker hijacked Toms Shoes email account just for fun
Motherboard recently accessed the "unauthorised email" sent by a self-styled White Hat hacker to the TOMS community. Unlike emails sent from hacked accounts belonging to major brands, the email did not ask customers to confirm their personal or banking account details to continue their subscription, but instead, advised them to enjoy the world out there rather than look at their digital screens all day.
"hey you, don't look at a digital screen all day, theres a world out there that you're missing out on. just felt some people need that," the hacker wrote.
When contacted by Motherboard, the hacker, who calls themselves Nathan, said that their intent was not to steal personal details of Toms Shoes customers and the hijacking of the company's email account was not carried out with any malicious intent.
"I had TOMS hacked for quite a while, but with a busy life and no malicious intent, it was pretty useless to have them hacked. By this point responsible disclosure is not a option. So I thought I my as well send out a message I believe in just for fun. End purpose was to spread my message to a large amount of people," Nathan said.
"To the hackers who hack large organisations etc for malicious reasons, stop being a criminal. Its beyond fucked up to sell people's private information on the internet. How do you sleep at night knowing you had a negative impact on thousands or maybe millions of peoples lives? It's just so wrong," Nathan added in a message to cyber criminals.
"Also you self proclaimed hackers with nothing to show for it, who are just cyberbullies with the biggest egos. It's not cool," the hacker added.