36.7 thousand – that’s the number of XLM.pl’s bookstore users whose data was recently offered for sale.

Bookshop customers have received e-mails with the subject “Hacked” in which a sale offer for store database was made. About one hundred of distressed users informed Niebezpiecznik cybersecurity website about this fact.

From the provided e-mail we can find out that leak contains information regarding almost 37 thousand users, about 88 thousand store orders and payments for the amount exceeding PLN 11 million. Interestingly, the criminals inform that they will sell the data to the first person willing to transfer 1 bitcoin to the provided wallet address.

According to XLM.pl’s statement posted on bookstore’s website leaked data contains information essential for placing order through the website, such as phone number, e-mail and shipping address. Store also informed users that credit card information was not leaked since such data is processed by external entities.

Following the leak all users accounts have been reset, therefore previously used password are no longer valid. By default if user used same password on different website it is also recommended to reset the password on those specific sites. Store’s website was temporarily shut down following the attack and the hack was officially reported to the Police as well as to the Office for Personal Data Protection.