Brillen.de, a prominent German eyewear retailer is facing reputational and security fallout after customer data surfaced on a darknet forum. Threat actors behind the breach published a post advertising the dataset, claiming it contains more than 1.5 million unique customer records. The discovery has raised fresh concerns about data security and the growing scale of cyberattacks targeting consumer-facing companies, placing both the retailer and its customers at heightened risk of fraud and phishing attempts.
About Brillen.de
Established in Germany in 2012, brillen.de operates as an eyewear retail platform that connects customers with a network of partner opticians. The company handles all the marketing, pricing, and order processing. The company focuses on high-volume sales of prescription glasses across several European markets.
Repeat Offenders
Unfortunately, brillen.de is not unfamiliar with such incidents. Back in 2024, an employee accidentally left a critical port open after testing, allowing unprotected access to the company’s API and resulting in a data leak impacting over 3 million customers. It remains unclear what method was used in the latest breach, as it is very recent and information is still limited, but it nevertheless raises serious questions.
Some of the information reportedly being distributed on the dark web includes full names, dates of birth, addresses, gender, and contact information such as email addresses and phone numbers. While no government-issued identification or financial data appears to have been leaked, this is still highly sensitive information that can be used in sophisticated phishing campaigns, among many other types of scams.
Company Statement
Brillen.de published a response in German on its website acknowledging the breach, stating that it is a separate and unrelated incident from the 2024 exposure. This appears to support the attackers’ claims that the breach took place in late September 2025. The company also warned customers about potential risks arising from the incident, including scams and phishing attempts, and clarified that passwords and financial information remained unaffected.
Conclusion
In an era of escalating and increasingly brazen cybercrime, this latest breach comes as little surprise. What is surprising, however, is that despite brillen.de handling massive amounts of customer data entirely online, their security appears to be so inadequate. Mistakes can happen, but the fact that this follows a major breach in 2024 is particularly concerning. It is even more troubling that the company only discovered and confirmed the breach after darknet monitors detected the data being marketed on darknet forums.
0 Comments