Polish Eco-Friendly Retailer VegeHome Suffers Data Breach Exposing 100K+ Customers
Polish eco-friendly retailer VegeHome breached; 100K+ customers' data exposed by lulzintel.
Summary
Polish e-commerce retailer VegeHome suffered a data breach in April 2026 affecting over 100,000 customers. Threat actor lulzintel leaked the full PrestaShop database containing customer names, emails, hashed passwords, password reset tokens, secure keys, and B2B details including company SIRET numbers. The exposure of valid password reset tokens creates immediate account takeover risk and enables both consumer identity theft and business identity fraud.
Full text
Dark Web Informer - Cyber Threat Intelligence
April 13, 2026 - 8:11:37 AM UTC | Poland | E-Commerce / Retail
Quick Facts
- Date & Time: 2026-04-13 08:11:37 UTC
- Threat Actor: lulzintel
- Victim: VegeHome (vegehome.pl)
- Industry: E-Commerce / Retail
- Category: Data Breach
- Customers Exposed: 100,000+
- Platform: PrestaShop
- Breach Date: April 2026
- Price: Free (Public Leak)
- Network: Open Web
- Severity: High
- Country: Poland
Incident Overview
A threat actor going by lulzintel has uploaded the full database of vegehome.pl, a Polish eco-friendly home products retailer. The actor states the breach occurred in April 2026 and exposed data belonging to over 100,000 customers. VegeHome's tagline "inspiracje mamy w naturze" (nature-inspired) positions it as an eco and natural lifestyle brand. The data was published as a free download for registered forum members.
The leaked data comes from a PrestaShop installation (identified by the ps_customer and ps_mail table structures) and contains the following fields:
- Customer Identity: Customer IDs, first names, last names, email addresses, gender IDs, and birthdays.
- Business Details: Company names, SIRET numbers (French/EU business registration identifiers), and APE codes (business activity classification). This suggests VegeHome serves both individual consumers and business customers.
- Credentials and Security: Hashed passwords (passwd field), last password generation timestamps, secure keys, password reset tokens, and password reset validity periods. The reset tokens and secure keys could allow account takeover if they are still valid.
- Account Metadata: Shop group IDs, shop IDs, default group IDs, language IDs, risk IDs, newsletter subscription status, newsletter registration IPs, opt-in status, account creation dates, last update dates, active/deleted/guest flags, and notes.
- Financial Settings: Outstanding allow amounts, show public prices flags, and max payment days, which are typically used for B2B customers with credit terms.
- Mail System: A separate ps_mail table with mail IDs, recipients, templates, subjects, language IDs, and timestamps, exposing the store's internal email communication records with customers.
The combination of password reset tokens, secure keys, and hashed passwords makes this particularly actionable for attackers. If any reset tokens are still valid, they could be used for direct account takeover without needing to crack passwords. The B2B data (SIRET numbers, company names, payment terms) adds a business identity theft dimension beyond typical consumer e-commerce breaches.
Compromised Data Categories
- Full Names
- Email Addresses
- Hashed Passwords
- Password Reset Tokens
- Secure Keys
- Birthdays
- Company Names & SIRET Numbers
- Newsletter & IP Data
- B2B Payment Terms
- Internal Mail Records
- Account Status & Metadata
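
For a store operator, the reset-token exposure described above comes down to two checks: which tokens were still inside their validity period at a given time, and whether every stored token has been revoked since. The following is an added example, not code from the original report or from PrestaShop; it assumes the stock PrestaShop column names `reset_password_token` and `reset_password_validity` in `ps_customer`, and it runs against constructed rows in an in-memory SQLite table rather than a real store database.

```python
import sqlite3

# Assumed stock PrestaShop column names; every row below is constructed.
SCHEMA = """CREATE TABLE ps_customer (
    id_customer INTEGER PRIMARY KEY,
    email TEXT,
    reset_password_token TEXT,
    reset_password_validity TEXT  -- 'YYYY-MM-DD HH:MM:SS', UTC assumed
)"""
SAMPLE_ROWS = [
    (1, "a@example.test", "tok-aaaa", "2026-04-13 09:00:00"),  # live
    (2, "b@example.test", "tok-bbbb", "2026-04-01 12:00:00"),  # expired
    (3, "c@example.test", None, None),                         # none issued
    (4, "d@example.test", "tok-dddd", "2026-04-14 00:30:00"),  # live
]

def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO ps_customer VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return db

def live_reset_tokens(db, as_of):
    """Customer IDs whose reset token had not yet expired at `as_of`."""
    rows = db.execute(
        "SELECT id_customer FROM ps_customer "
        "WHERE reset_password_token IS NOT NULL "
        "AND reset_password_token <> '' "
        "AND reset_password_validity > ? ORDER BY id_customer",
        (as_of,),
    )
    return [row[0] for row in rows]

def revoke_all_reset_tokens(db):
    """Clear every stored token, expired or not; returns rows changed."""
    cur = db.execute(
        "UPDATE ps_customer SET reset_password_token = NULL, "
        "reset_password_validity = NULL "
        "WHERE reset_password_token IS NOT NULL"
    )
    db.commit()
    return cur.rowcount

if __name__ == "__main__":
    db = build_sample_db()
    as_of = "2026-04-13 08:11:37"  # listing time given in the report
    print("live at listing time:", live_reset_tokens(db, as_of))
    print("tokens revoked:", revoke_all_reset_tokens(db))
    print("live afterwards:", live_reset_tokens(db, as_of))
```

Token revocation covers only the reset-token path; the leaked password hashes and secure keys need their own handling.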
MITRE ATT&CK Mapping
- T1190 Exploit Public-Facing Application: Targets vulnerabilities in the PrestaShop e-commerce platform to gain unauthorized access to the production database containing customer records and internal mail data.
- T1555 Credentials from Password Stores: Extracts hashed passwords, password reset tokens, secure keys, and password validity periods for 100,000+ customer accounts, enabling account takeover and credential stuffing attacks.
- T1213 Data from Information Repositories: Extracts the complete PrestaShop database including customer profiles, B2B company details with SIRET numbers, account metadata, and internal mail communication records.
- T1567 Exfiltration Over Web Service: Publishes the stolen e-commerce database as a free download on web forums, gated behind forum registration, with SQL dump samples provided publicly.
Indicators of Compromise
- domain — vegehome.pl
- mitre_attack — T1190
- mitre_attack — T1555
- mitre_attack — T1213
- mitre_attack — T1567