Spanish online electronics retailer, Electropolis.es, has allegedly suffered a significant data breach, with a threat actor claiming to have stolen a full database containing the information of over 100,000 customers. Electropolis is an e-commerce company based in Albacete, Spain, that has been operating since 2009, selling a wide range of electronics, gadgets, and other goods to customers in Spain, Portugal, France, Italy, the USA, and other countries. The alleged breach was announced on a hacking forum, where the perpetrator is offering the data for sale.
The threat actor claims to have obtained complete database access, CRM access with SMTP, and invoicing capabilities. Screenshots shared as proof of the breach appear to show backend access to the company’s sales and invoicing systems, as well as a list of database files. The compromised information allegedly includes a wide range of sensitive customer and corporate data. If the claims are authentic, this incident could expose customers to a high risk of phishing attacks, fraud, and identity theft.
Based on the evidence provided, the allegedly leaked data includes:
- Customer accounts and contact information
- Postal codes and physical addresses
- Sales, invoicing, and accounting diaries
- Bank account details
- Internal file system records and cron job schedules
- Customer relationship management (CRM) data
