A threat actor has allegedly put a database belonging to the Spanish fashion brand, Brownie, up for sale on a hacking forum. Brownie is a popular clothing and accessories company based in Spain, with a significant presence across Europe and a strong appeal to a younger demographic. The seller claims the database contains sensitive information belonging to more than 600,000 customers of the company.
The post, made by a newly registered forum member on August 8, 2025, details that the compromised data amounts to 2.9GB and is organized into 571 separate tables. The threat actor is offering the entire database in CSV format and has provided a detailed breakdown of the most important tables to prove the legitimacy of the data. This alleged breach could expose a vast number of Brownie’s customers to risks of fraud, phishing attacks, and identity theft.
According to the forum post, the leaked data includes a wide range of sensitive information:
- Customer Information: Full names, email addresses, phone numbers, dates of birth, IP addresses, and hashed passwords.
- Transaction Data: Stripe transaction details including payment intent IDs, customer IDs, order amounts, currency, credit card type, expiration dates, and the last four digits of the credit card number.
- Address Information: Full shipping and billing addresses, including names, streets, cities, and postal codes.
