A significant data breach has compromised the personal details of thousands of customers from several Polish online adult shops. The cybercriminal responsible has threatened to release the stolen data unless a ransom is paid.
Late at night, unsuspecting customers of multiple Polish e-commerce sites specializing in adult products received alarming emails. The hacker claimed to have accessed their personal information, including detailed descriptions of their purchased items, and demanded a ransom to prevent the data from being published.
The breach was first reported by niebezpiecznik.pl, a local cybersecurity news portal. According to the portal, the emails sent to the victims were nearly identical except for the specifics of the ordered products. The messages stated that extensive data leaks from platforms like AtomStore, Sote, RedCart, and Selly—including from online stores such as sensu.pl, sekrecik.pl, erozkosz.pl, and kraina-doznan.pl—were the result of “gross negligence, ignorance, and low-quality programming of e-commerce platforms.”
The attacker is demanding 500 PLN (approximately 120 USD) to be paid by the victims into a specified Bitcoin address by October 1, 2024. In return, the hacker promises to delete the victim’s data from the stolen databases. Failure to comply would result in the public release of the data in a CSV format, making it accessible to anyone interested.
This incident highlights ongoing issues within the digital security of e-commerce platforms, echoing previous leaks that had reportedly been ignored by the affected companies despite being known for several months.
Authorities are yet to comment on the situation, and it remains unclear how the breach was carried out or whether any measures can be taken to prevent the publication of the data if the ransom demands are not met. This breach serves as a stark reminder of the vulnerability of personal data online and the importance of robust cybersecurity measures.