Skip to content
Support
Donations
Data Breaches

Polish Eco-Friendly Retailer VegeHome Suffers Data Breach Exposing 100K+ Customers

 and  Dark Web Informer
9 min read
Dark Web Informer - Cyber Threat Intelligence

Polish Eco-Friendly Retailer VegeHome Suffers Data Breach Exposing 100K+ Customers

April 13, 2026 - 8:11:37 AM UTC
Poland
E-Commerce / Retail
Standalone API Access Now Available High-volume threat-intelligence data, automated ingestion endpoints, ransomware feeds, IOC data, and more.
View API
Unlock Exclusive Cyber Threat Intelligence
Powered by DarkWebInformer.com
Stay ahead of cyber threats with real-time breach tracking, expert analysis, and high quality evidence - built for security professionals, researchers, journalists, and everyday people who take their privacy seriously.
Subscribe Now

Quick Facts

Date & Time 2026-04-13 08:11:37 UTC
Threat Actor lulzintel
Victim VegeHome (vegehome.pl)
Industry E-Commerce / Retail
Category Data Breach
Customers Exposed 100,000+
Platform PrestaShop
Breach Date April 2026
Price Free (Public Leak)
Network Open Web
Severity High
Country Poland

Incident Overview

A threat actor going by lulzintel has uploaded the full database of vegehome.pl, a Polish eco-friendly home products retailer. The actor states the breach occurred in April 2026 and exposed data belonging to over 100,000 customers. VegeHome's tagline "inspiracje mamy w naturze" (nature-inspired) positions it as an eco and natural lifestyle brand. The data was published as a free download for registered forum members.


The leaked data comes from a PrestaShop installation (identified by the ps_customer and ps_mail table structures) and contains the following fields:

  • Customer Identity: Customer IDs, first names, last names, email addresses, gender IDs, and birthdays.
  • Business Details: Company names, SIRET numbers (French/EU business registration identifiers), and APE codes (business activity classification). This suggests VegeHome serves both individual consumers and business customers.
  • Credentials and Security: Hashed passwords (passwd field), last password generation timestamps, secure keys, password reset tokens, and password reset validity periods. The reset tokens and secure keys could allow account takeover if they are still valid.
  • Account Metadata: Shop group IDs, shop IDs, default group IDs, language IDs, risk IDs, newsletter subscription status, newsletter registration IPs, opt-in status, account creation dates, last update dates, active/deleted/guest flags, and notes.
  • Financial Settings: Outstanding allow amounts, show public prices flags, and max payment days, which are typically used for B2B customers with credit terms.
  • Mail System: A separate ps_mail table with mail IDs, recipients, templates, subjects, language IDs, and timestamps, exposing the store's internal email communication records with customers.

The combination of password reset tokens, secure keys, and hashed passwords makes this particularly actionable for attackers. If any reset tokens are still valid, they could be used for direct account takeover without needing to crack passwords. The B2B data (SIRET numbers, company names, payment terms) adds a business identity theft dimension beyond typical consumer e-commerce breaches.

Compromised Data Categories

Full Names Email Addresses Hashed Passwords Password Reset Tokens Secure Keys Birthdays Company Names & SIRET Numbers Newsletter & IP Data B2B Payment Terms Internal Mail Records Account Status & Metadata

Image Preview

Forum post by lulzintel uploading VegeHome.pl PrestaShop database with 100K+ customer records showing ps_customer SQL INSERT structure VegeHome database sample data and ps_mail table structure with lulzintel branding

Claim URL

Subscriber Access Required The original listing URL and unredacted claim images are available on the Threat Feed and Ransomware Feed for paid subscribers.
Subscribe
Subscriber Access View the original listing URL and unredacted claim images on the feeds below.
Threat Feed Ransomware Feed

MITRE ATT&CK Mapping

T1190 Exploit Public-Facing Application
Targets vulnerabilities in the PrestaShop e-commerce platform to gain unauthorized access to the production database containing customer records and internal mail data.
T1555 Credentials from Password Stores
Extracts hashed passwords, password reset tokens, secure keys, and password validity periods for 100,000+ customer accounts, enabling account takeover and credential stuffing attacks.
T1213 Data from Information Repositories
Extracts the complete PrestaShop database including customer profiles, B2B company details with SIRET numbers, account metadata, and internal mail communication records.
T1567 Exfiltration Over Web Service
Publishes the stolen e-commerce database as a free download on web forums, gated behind forum registration, with SQL dump samples provided publicly.

Dark Web Informer © 2026 | Cyber Threat Intelligence
DarkWebInformer.com

Related

Latest