Apparent data leak at Ferienwohnungen.de

Criminals have apparently been able to steal data from the online booking portal Ferienwohnungen.de on a large scale, which they have since published on the darknet. A short countdown ran until midday on Thursday, and the Darknet site now shows "Published" on the tile. The published data can be accessed directly there.

The directory structure of the published data indicates that the attackers pulled a backup from July 10, 2025 from a Nextcloud instance. There are user directories, which in turn contain a lot of data. According to the file names, this includes contracts with major customers, invoicing, accounting information and apparently also information on the portal's employees. It was not possible to tell from the extensive file list whether data from the portal's private customers was also stored there; obvious SQL dumps or similar do not appear to be included.

No reaction

Ferienwohnungen.de did not respond to an inquiry from heise online, nor did the company behind it, Holidu GmbH. An inquiry to the Bavarian State Office for Data Protection Supervision has also remained unanswered to date.

This means that it is currently impossible to verify whether the data is genuine and how extensive the data leakage is. Anyone who booked their last vacation there should at least be particularly careful with incoming messages. The information stored on the Nextcloud instance goes back many years in some cases and could help phishers to bring a more authentic approach to the messages. Since the files suggest training by data protection officers, in theory at least there should be no data from private customers that goes back several years.

About a week ago, it became known that cyber criminals had infiltrated the HR software provider Infoniqa and were able to steal sensitive data.

(dmk)