{
  "docId": "019dd923-622c-750b-8b97-2bce5eee365a",
  "docSlug": "68ffcc59f6e4",
  "documentTitle": "Lemonade, Inc. (LMND)",
  "authorId": "51_Muddy_Waters",
  "authorName": "Carson Block",
  "documentKindSlug": "shareholder-letter",
  "documentKindLabel": "Shareholder letter",
  "sourceTypeSlug": "short_seller",
  "sourceTypeLabel": "Short seller",
  "presentationDate": "2021-05-13 00:00:00",
  "orientation": "portrait",
  "aspectRatio": 0.77272725,
  "pageNumber": 4,
  "pageCount": 10,
  "prevPage": 3,
  "nextPage": 5,
  "slideType": "villain_critique",
  "function": "name_villain",
  "density": "dense",
  "nDataPoints": 0,
  "notes": "This appears to be a page from a security research report or a short-seller disclosure document rather than a traditional corporate shareholder letter.",
  "elementsJson": [
    "paragraph",
    "headline_text"
  ],
  "metadataConfidence": 0.9,
  "imagePath": null,
  "slideHref": "/slides/019dd923-622c-750b-8b97-2bce5eee365a/4",
  "deckHref": "/decks/019dd923-622c-750b-8b97-2bce5eee365a",
  "deckJsonHref": "/decks/019dd923-622c-750b-8b97-2bce5eee365a.json",
  "deckAnchorHref": "/decks/019dd923-622c-750b-8b97-2bce5eee365a#slide-4",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "Lemonade should shut down its website, APIs, and mobile application until the vulnerability is verified as fixed by a qualified third party, as there are users currently at risk.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd953-0935-737e-8dc4-48feb5d66af9",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.051,
        "w": 0.591,
        "x": 0.208,
        "y": 0.201
      },
      "kind": "paragraph",
      "text": "It is unknown whether Lemonade data has been obtained by other crawlers... we fear there could be numerous harmed parties, but we are unable to provide an estimate of impact size.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "1b382e6c-bfb0-460a-aaad-5e5a449c79c0",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.077,
        "w": 0.591,
        "x": 0.208,
        "y": 0.336
      },
      "kind": "paragraph",
      "text": "It is unknown how long it will take to remediate the vulnerability... We recommend that Stripe, Lemonade's credit card processing partner, also consider disengaging from any integrated systems and monitor its own systems for any indicators of fraud or anomalous behaviour.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "86666dca-f3ce-4e27-a961-7faa23bdbfc5",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.025,
        "w": 0.591,
        "x": 0.208,
        "y": 0.163
      },
      "kind": "paragraph",
      "text": "complete compromise of the victim's Lemonade account, including the ability for an attacker to edit account details and apply for or change coverage.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "ce4f07ad-3411-46a9-a31f-65b444269a17",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.051,
        "w": 0.591,
        "x": 0.208,
        "y": 0.274
      },
      "kind": "paragraph",
      "text": "Similarly, we are unable to determine whether this vulnerability has breached Lemonade's infrastructure... Lemonade users should be notified and should be on alert for potential follow-up phishing or spearphishing attacks.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "f008bcd7-aa06-4680-a79c-e2b41cb87630",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.015,
        "w": 0.489,
        "x": 0.208,
        "y": 0.421
      },
      "kind": "title",
      "text": "Description of the Lemonade.com Vulnerability",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "f361f0d9-2fe7-4d65-987a-8e48951d675f",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 4,
      "from": 3,
      "beatId": "643e463f-b2de-48f1-ab9b-1cd839dacd1e",
      "arcName": "Overcoming the Monster",
      "arcSlug": "overcoming-monster",
      "beatName": "The Monster (Problem)",
      "beatSlug": "overcoming-monster-the-monster",
      "evidence": "Description of the Lemonade.com Vulnerability",
      "position": 0,
      "confidence": 0.8,
      "parentBeatName": "Hook",
      "parentBeatSlug": "hook"
    }
  ],
  "loops": [
    {
      "to": 5,
      "from": 3,
      "name": "The Reveal",
      "slug": "05-the-reveal",
      "bestFor": "Product launches, strategic pivots, unexpected findings",
      "matchId": "130e79d4-df07-4e5c-ae3e-b30d424d1029",
      "evidence": "The document reveals the vulnerability and provides steps to reproduce",
      "position": 0,
      "objective": "Reveal the vulnerability and coordinated disclosure",
      "structure": "Setup the Question -> Build Suspense -> The Big Reveal",
      "confidence": 0.7,
      "description": "Build mystery and anticipation, then deliver a surprising or powerful conclusion"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}