Toms Shoes newsletter “hacked by a nice man”

Footwear retailer Toms has had its email newsletter compromised by someone who calls himself “a nice man”.

As Motherboard reports, someone going by the name of “Nathan” sent an unauthorised message to the firm’s newsletter subscribers with the subject line “Toms hacked by a nice man.”

And, rather than being told about the hottest deals for flip-flops, slip-ons and espadrilles, subscribers were instead advised to spend a little less time looking at a screen:

hacked by nathan

hey you, don’t look at a digital screen all day, theres a world out there that you’re missing out on. (:

just feel like some people needed that ^^ (:

That’s certainly a refreshing change from the typical messages spread by hackers, and there is no suggestion – although Nathan’s actions were clearly questionable – that anything more malicious has occurred.

Motherboard spoke to Nathan, who chose not to warn the company responsibly of its security issues but instead to communicate directly with its newsletter subscribers:

“I had TOMS hacked for quite a while, but with a busy life and no malicious intent, it was pretty useless to have them hacked. By this point responsible disclosure is not an option. So I thought I may as well send out a message I believe in just for fun. End purpose was to spread my message to a large amount of people.”

Nathan told Motherboard that the hack of Toms was easy, but shared no details about how it had occurred. But what he did share, again refreshingly, was a strong message to those who hack with more malicious intent:

“To the hackers who hack large organizations etc for malicious reasons, stop being a criminal. It’s beyond fucked up to sell people’s private information on the internet. How do you sleep at night knowing you had a negative impact on thousands or maybe millions of people’s lives? It’s just so wrong. Also you self-proclaimed hackers with nothing to show for it, who are just cyberbullies with the biggest egos. It’s not cool.”

I can’t disagree with that, but I do feel that it would have been cooler if Nathan had responsibly disclosed the issue to Toms, and worked with them to fix it rather than spam however many thousands of people are signed up to a newsletter about shoes.

In a statement posted on its Twitter account, Toms confirmed that its newsletter had been compromised and advised recipients to be wary:

“We are aware of unauthorized activity through our communications channels including email and social media. We are actively looking into the matter. In the meantime, please do not click on any links or reply to it.”

Some users were less than impressed that Toms’s statement came several hours after the unauthorised messages were sent out, and felt that more effort should have been made to reassure customers more quickly.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Toms Shoes newsletter “hacked by a nice man””

  1. A nice man

    Looks like "Nathan" got a little more than a foot in the door!

    1. coyote · in reply to A nice man

      Hilarious puns! Thanks for that.
