Just Say No to Email Hackers

Waveborn Customers –

We want to send a formal apology to any customers who received a recent derogatory email from an online hacker posing as “The Waveborn Team.” Waveborn received threats earlier this week from an anonymous hacker who wanted us to send him 10 bitcoins (~$3000) immediately and every year moving forward or else bad things would happen.

Waveborn does not negotiate with terrorists. We hoped it was spam and/or a hoax. However, we still took precautions to secure our website and move it to a new, fully secure server last night.

Our investigation is ongoing into the full extent on his breach in our systems. Waveborn’s old website was hosted on WordPress from March to November 2014. In December, we transitioned to a beautiful new www.waveborn.com that is fully secure. We believe the hacker was able to extract an email list(s) from this system to send out messages to our customers and make it appear like it was from Dustin, our Regional Sales Manager in San Diego.

I’m happy to report that Dustin is still a loving Waveborn employee and did not actually send out any of those messages. We have taken precautions by changing our passwords on email accounts and back end systems to prevent any further breaches.

We do not store any sensitive financial information in our website (it stays with our payment processor), so we are confident that no credit cards have been compromised. We think he was only able to capture email addresses. As always, it is also important to closely monitor your payment card accounts and to report unusual activity to your issuing bank. Please contact me immediately if you see any fraudulent charges on your bank statements.

My direct line is 310-499-6295 and my personal email is mwmalloy@gmail.com.

We are making every effort to notify any customer whose email address was taken. Please pass on this message to your friends who may have received a spam email from the hacker.

In all likelihood this will not impact you. But, as always, it’s important to be on guard against phishing scams that are designed to trick you to provide personal information in response to phony emails. It is important not to give out personal information via email. Similarly, you should not click directly on any email links if you have any doubts about whether the email comes from a legitimate source. Here is more info about preventing phishing scams.

We apologize for the frustration and inconvenience this breach may have caused. We predict that most customers could tell that a message like this was fake:

I want clarify any concerns the spam email mentioned. Waveborn Sunglasses did NOT lose a recent lawsuit – the only legal action being taken is against the hacker. Waveborn Sunglasses are NOT made in China – they are still handcrafted in Milan, Italy. Waveborn Sunglasses is NOT going bankrupt – we are forecasting to do $2M in revenue in 2015 thanks to new partnerships with Industries for the Blind, C&E Vision Buying Group, and Promotive.com.

We truly appreciate your love and support during this difficult time. Keep rocking your Waveborn shades and together we can change how people see the world.

Give the gift of sight,
Mike and the Waveborn Team


p.s. Hate hackers? We do too! Use the code “NOHACKERS” for 25% off your next purchase at the fully secure www.waveborn.com