Toms Shoes newsletter “hacked by a nice man”


Footwear retailer Toms has had its email newsletter compromised by someone who calls himself “a nice man”.

As Motherboard reports, someone going by the name of “Nathan” sent an unauthorised message to the firm’s newsletter subscribers with the subject line “Toms hacked by a nice man.”

And, rather than being told about the hottest deals for flip-flops, slip-ons and espadrilles, subscribers were instead advised to spend a little less time looking at a screen:


hacked by nathan

hey you, don’t look at a digital screen all day, theres a world out there that you’re missing out on. (:

just feel like some people needed that ^^ (:

That’s certainly a refreshing change from the typical messages spread by hackers, and there is no suggestion – although Nathan’s actions were clearly questionable – that anything more malicious has occurred.

Motherboard spoke to Nathan, who chose not to responsibly warn the company of its security issues but instead to communicate directly with its newsletter subscribers:

“I had TOMS hacked for quite a while, but with a busy life and no malicious intent, it was pretty useless to have them hacked. By this point responsible disclosure is not an option. So I thought I may as well send out a message I believe in just for fun. End purpose was to spread my message to a large amount of people.”

Nathan told Motherboard that the hack of Toms was easy, but shared no details about how it had occurred. But what he did share, again refreshingly, was a strong message to those who hack with more malicious intent:

“To the hackers who hack large organizations etc for malicious reasons, stop being a criminal. It’s beyond fucked up to sell people’s private information on the internet. How do you sleep at night knowing you had a negative impact on thousands or maybe millions of people’s lives? It’s just so wrong. Also you self-proclaimed hackers with nothing to show for it, who are just cyberbullies with the biggest egos. It’s not cool.”

I can’t disagree with that, but I do feel that it would have been cooler if Nathan had responsibly disclosed the issue to Toms, and worked with them to fix it rather than spam however many thousands of people are signed up to a newsletter about shoes.


In a statement posted on its Twitter account, Toms confirmed that its newsletter had been compromised and advised recipients to be wary:

“We are aware of unauthorized activity through our communications channels including email and social media. We are actively looking into the matter. In the meantime, please do not click on any links or reply to it.”

Some users were less than impressed that Toms’s statement came several hours after the unauthorised messages were sent out, and felt that more effort should have been made to reassure customers more quickly.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy.

2 comments on “Toms Shoes newsletter “hacked by a nice man””

  1. A nice man

    Looks like "Nathan" got a little more than a foot in the door!

    1. coyote · in reply to A nice man

      Hilarious puns! Thanks for that.
