Platanomelon , a Spanish online store specializing in the sale of sextoys, finds itself in dire straits . Two former employees of Shopify, his partner, have indeed stolen the data of his customers. Extremely sensitive, the latter reveal a lot of information about their identity, but also their sexual tastes.
Very well established in Spain, Platanomelon therefore specialized in the sale of sex toys and erotic products.
The catalog is dense and it includes hundreds of different references, such as masturbators for men, vibrating cock rings, dildos or even massage products.
A sextoys site hit by an attack
Platanomelon, however, has not developed its own e-commerce solution and the site has therefore preferred to rely on the know-how and expertise of Shopify, a specialist in the genre.
However, we learn thanks to Hipertextual that the latter was the subject of a cleverly orchestrated attack, an attack which bore fruit and which resulted in a major data leak.
According to information from our colleagues, the hackers have therefore managed to penetrate the defenses of Shopify and get their hands on the data of Platanomelon customers. If their bank details remain inviolate, it is unfortunately quite different for their personal information.
Hackers have indeed managed to recover a lot of crucial data, data such as their name, first name, address, phone number or even… the items ordered.
This data breach is obviously problematic. It is for two main reasons.
A very problematic data breach
The first is obvious and relates to phishing. To launch campaigns with an interesting ROI, hackers must know a minimum of their targets. This is the reason why this type of data usually sells for gold on the darknet. They allow for more individualized campaigns.
As for the second reason, it obviously relates to privacy. As soon as you touch the realm of sex, or the intimate, the repercussions can be extremely serious. We also had proof of this with the attack that hit the libertine dating site AshleyMadison a few years ago. The owner of the site had refused to pay the ransom demanded by the attackers and the data had been made public, which had resulted in quite a few divorces, but also suicides.
We must of course hope that the situation will not get so bad this time, especially as the data breach would target thousands of accounts.
For their part, Shopify and Platanomelon announced that they had taken measures to prevent this type of incident from happening again and they also declared that they had filed a complaint. The Spanish agency specializing in data protection has also been notified, in accordance with the law.