A threat actor has allegedly leaked the data of over 12 million customers from the global sustainable fashion brand, Vivaia. The data appeared for sale on a dark web forum, with the seller claiming to have breached the company in early January 2025. Vivaia is a popular direct-to-consumer brand known for its stylish and eco-friendly footwear made from recycled materials, boasting a significant global customer base across more than 60 countries.
The individual who posted the data claims it was obtained on January 8, 2025. The compromised information allegedly contains sensitive customer details that could be exploited for phishing campaigns, identity theft, and other malicious activities. The seller has made the data available for purchase and has even offered to disclose the exploitation method to Vivaia’s administrators to help them secure their systems.
According to the forum post, the leaked database includes a range of personally identifiable information. The specific data points allegedly exposed are:
- Customer ID
- Full Name
- Email Address
- Phone Number
- Account Creation Time
