What Happened
In April 2026, Polish eco-friendly e-commerce retailer Vegehome.pl, operating on the PrestaShop platform, suffered a data breach when threat actor “lulzintel” exfiltrated and publicly leaked over 100,000 customer records on hacker forums. The exposed data from tables like `ps_customer` and `ps_mail` included customer identities (names, emails, birthdays, gender), hashed passwords, password reset tokens, secure keys, account metadata, B2B details (company names, SIRET numbers, APE codes, payment terms), and internal email records, enabling risks like credential stuffing, account takeovers, and targeted phishing. The breach likely stemmed from an unpatched PrestaShop vulnerability, compromised module, or admin misconfiguration, with the full database released for free download around April 13, 2026.
