vegehome.pl data breach

vegehome.pl

What Happened

In April 2026, Polish eco-friendly e-commerce retailer Vegehome.pl, operating on the PrestaShop platform, suffered a data breach when threat actor “lulzintel” exfiltrated and publicly leaked over 100,000 customer records on hacker forums. The exposed data from tables like `ps_customer` and `ps_mail` included customer identities (names, emails, birthdays, gender), hashed passwords, password reset tokens, secure keys, account metadata, B2B details (company names, SIRET numbers, APE codes, payment terms), and internal email records, enabling risks like credential stuffing, account takeovers, and targeted phishing. The breach likely stemmed from an unpatched PrestaShop vulnerability, compromised module, or admin misconfiguration, with the full database released for free download around April 13, 2026.

Compromised Assets

  • email
  • password
  • full name
  • phone
  • ip

Check your company's
exposed credentials

Enter your work email to instantly access a free account
and see your company’s exposed credentials.

Related Breaches