A significant data breach occurred at Vorwerk, the company behind Thermomix, which impacted its recipe forum, rezeptwelt.de. The breach, which took place between January 30 and February 3, 2025, exposed personal data from millions of forum members. The data, which includes email addresses, phone numbers, and cooking preferences, is now being sold on the Darknet. Although Vorwerk was quick to address the incident, they are urging caution as the stolen information could be used in phishing attacks.
The breach specifically affected around 1 million German users, as well as hundreds of thousands of users from other countries, including the UK, Spain, Italy, France, Poland, and Portugal. Vorwerk has reassured users that other systems, including their online store, were not compromised. The breach occurred not on Vorwerk’s servers, but at an external service provider, which hosted the forum. While the breach was quickly contained, the exact cause remains unclear, with some speculating that the attackers may have exploited an open API to access user data.
The stolen data has been listed for sale on the Darknet for $1,500, although the lack of hashed or plaintext passwords in the leak suggests the attackers did not gain full access to the database.
The data leak has already made its way to the “Have I Been Pwned” database, a website where users can check if their data has been compromised. The leak’s credibility is further supported by the fact that some of the demo data sets provided by the attacker appear authentic, according to HIBP’s random verification process.
As the data leak spreads, Vorwerk has contacted affected users and regulatory authorities to manage the aftermath. They continue to investigate the attack’s origins and how the attackers were able to infiltrate the system. The breach highlights the ongoing risk of data leaks, with many companies facing similar security issues. In the wake of the incident, Vorwerk is advising all users to be extra cautious, particularly with phishing scams targeting their personal data.
Reference:
