What Happened
In early February 2025 (specifically between January 30 and February 3), Vorwerk, the German company behind Thermomix kitchen appliances, suffered a data breach on its recipe forum Rezeptwelt.de (thermomix.de) and associated sites like recipecommunity.com.au, affecting approximately 3.3 million users across countries including Germany, Spain, France, Italy, Poland, Portugal, Australia, Czech Republic, and New Zealand. Unauthorized actors exploited a vulnerability on a secondary server managed by an external service provider, exposing personal data such as names, addresses, dates of birth, phone numbers, email addresses, cooking preferences, and bios (usernames in some reports), but no passwords, financial information, or internal systems were compromised. Vorwerk promptly detected the incident, took the server offline, resolved the vulnerability, notified affected users (e.g., on February 7), partnered with authorities and cybersecurity experts, and advised vigilance against phishing; the stolen data later appeared for sale on darknet forums.
