Scalextric.es, the official Spanish online retailer for the popular slot car racing system, has allegedly been compromised by a threat actor. The individual is currently listing a database for sale on a cybercrime forum, claiming it originates from the toy manufacturer’s Spanish platform. The leak, dated 2025, reportedly consists of 100,000 lines of data.
According to the actor, the compromised database contains significant personal information belonging to customers. Analysis of the provided samples indicates the exposure of the following data points:
-
Full names
-
Email addresses
-
Hashed passwords (bcrypt)
-
Physical addresses (Street, City, Zip Code)
-
Phone numbers (Mobile and Landline)
-
National Identity Numbers (DNI)
-
Company names and VAT numbers (for business clients)
-
IP addresses
-
Customer support messages and order notes
