On the night of Monday to Tuesday (August 26-27), customers of several online erotic stores received emails from a criminal who had stolen their data and order details, Niebezpiecznik.pl reports. In the message, the perpetrator provided information about the purchased products and claimed to have the recipient's contact information.
Data Breach at Polish Sex Shops: Perpetrator Threatens to Publicize Purchase Information
The criminal is demanding a payment of 500 PLN from customers by October 1. They are threatening to release the stolen database after that date.
All orders of non-paying customers will be published in CSV format, making the data easily accessible to anyone interested
- reads the message, as reported by Niebezpiecznik.pl. The portal’s editorial team has received dozens of reports on this matter. Most of the individuals confirmed that they were customers of the stores and that the product mentioned by the perpetrator matched their order.
According to the email from the perpetrator, the data breaches affected the stores Sensu, Sekrecik, eRozkosz, and Kraina Doznań. These online retailers use platforms such as AtomStore, Sote, RedCart, and Selly. The author of the message claims that the situation is the result of "gross negligence, ignorance, and poor quality of the e-commerce platform code". They added that the platforms were aware of the breach but "were not interested in cooperating".
Reports of a Possible Data Breach Surfaced Earlier
Niebezpiecznik.pl points out that the perpetrator’s messages were sent using email addresses of stores that use Selly and RedCart services but belong to other industries.
This suggests that either not all stores have been updated, or the vulnerability used to obtain the data is still unpatched, and essentially, customer data can be extracted from any store on the RedCart/Selly platforms
- the report states.
At the end of June, the portal wrote about attacks on the Selly e-commerce platform, citing examples of stores for athletes. Radio ZET had already reported that the data breach affected customers of the sex shop Kraina Doznań. At that time, it was reported that the perpetrator had gained access to data such as names, email addresses, mailing addresses, and passwords in encrypted form.
