Framework has become a rising star in the consumer tech world, designing some of the only laptops on the market that are completely serviceable and upgradable by the end user. But even the best companies are vulnerable to hacking and Framework is no exception. The manufacturer alerted some of its customers yesterday that a phishing attempt was successful in securing the names and email addresses of an unknown number of users of its online store.
The attack came via a social engineering attack on Framework’s external accountant firm, posing as its CEO and successfully stealing a spreadsheet with the names, addresses, and outstanding balances of customers who still owe money on their laptop or parts purchases. The information was sent to affected customers in an email, which was then posted to Framework’s user forum and spotted by Bleeping Computer.
A name and an email address isn’t a huge amount of information to go on in terms of malicious attacks. But it’s possible that this stolen info could be used in conjunction with other major hacks targeting customer databases (which seem to be coming at least once a day) to create a more holistic data set and thus a vector for identity theft. Framework has advised affected users to be wary of any emails presuming to be from the company.
