Vincci (vincci.ru), a prominent Russian online retailer specializing in plumbing fixtures, bathroom furniture, and accessories, has allegedly become the victim of a significant data breach. The company, which serves customers across Russia, now faces the exposure of sensitive customer information after its database was reportedly compromised and subsequently posted on a hacking forum. The threat actor is offering the database for free, increasing the potential for widespread misuse of the stolen data.
The leaked dataset allegedly contains a vast array of personal identifiable information (PII) belonging to the company’s customers. The structure of the shared data suggests a comprehensive breach of the user database. This incident places affected individuals at high risk of various cyber threats, including targeted phishing attacks, identity theft, and spam campaigns. The exposure of such detailed information could allow malicious actors to craft convincing scams or attempt to gain unauthorized access to other accounts where users might have reused credentials.
Based on the information shared by the threat actor, the compromised data allegedly includes the following details:
- Full Names
- Usernames and Logins
- Email Addresses
- Hashed Passwords
- Phone Numbers
- Personal and Work Addresses (City, State, ZIP)
- Registration and Last Login Dates
