Shocking data leak. Thousands of Poles at risk

Hacker in front of a laptop, illustrative photo

The data of over 200,000 Poles, including telephone numbers and addresses, were found online after a cyber attack on an online store. Check what is known about the incident.

According to the cyberdefence24 portal, the personal data of over 200,000 Polish men and women was stolen from a popular online store offering bathroom fittings and household appliances. Cybercriminals from the Funksec group disclosed files containing e-mail addresses, telephone numbers, residential addresses and password hashes of customers.

Attack on an online store

The incident occurred on December 19, 2024, when the Funksec group announced that it had carried out an attack on the sklepBaterie.pl online store. As part of the ransom demand for $10 million, cybercriminals provided evidence in the form of screenshots and fragments of stolen files. After their demands were not met, on January 6, 2025, they published some of the data online.

Despite previous announcements regarding the publication of 28 gigabytes of data, a much smaller archive of 32 megabytes was released online. These files contain information about the store’s customers, including their personal data.

Details of the leak

Unpacking the published archive revealed 69 files in .csv format, with a total size of 112 megabytes. One of the main files contained over 218,000 records that included logins, phone numbers, e-mail addresses, password hashes, and users' names and surnames.

Most passwords were stored using the bcrypt algorithm, but some were secured with the less secure MD5. Of all records, as many as 41% of e-mail addresses came from the @gmail.com domain and 18% from @wp.pl. There were 176,000 phone numbers in the “phone” column, which highlights the scale of the leak.

Company activities

In connection with the incident, sklepBaterie.pl informed the relevant institutions, including CBZC and UODO, and conducted an analysis of its systems. The company says the data may come from an archived database and that current infrastructure shows no signs of unauthorized access.

As part of preventive measures, the leak was also reported to CERT Polska and an attempt was made to remove the data from the hosting platform on which it was published.

Danger to users

This leak poses a serious threat to users, especially those who use the same login details on different websites. It is worth recalling that reusing the same passwords in different places is a highly dangerous practice, increasing the risk of identity theft.

Experts remind us to change passwords and monitor suspicious activity on accounts related to leaked data.
