brillen.de: Customer data surfaced on the darknet after renewed attack
brillen.de was again the target of an IT attack. The perpetrators stole 1.5 million customer data records, which are now on the darknet.
(Image: heise medien)
The provider brillen.de has once again fallen victim to an IT attack. The criminals were able to exfiltrate customer data again. This time, information from 1.5 million customers is affected. The data can be used for more targeted phishing attacks, but identity theft may also be possible.
On the brillen.de website, the operators Supervista have published an updated notice. The company writes, “In February 2026, as part of our continuous darknet monitoring, we discovered that data records with customer information were published in a darknet forum.” Investigations revealed that this data originates from “a separate, targeted cyberattack that took place in September 2025.” Unauthorized individuals had gained access to customer data.
brillen.de data leak: Affected information
According to brillen.de, “personal data such as name, address, email address, phone number, and date of birth are impacted”; however, passwords, payment data, and vision values did not fall into the wrong hands. This also aligns with the information found in the darknet offering. On February 12th of this year, an attacker with the handle “Meow” posted the data of allegedly 1,531,618 customers there. He also stated that this is a new IT incident. “3.5 million data records were leaked from Elastic in 2024 and not leaked to the public. This is a late 2025 leak from their panel. The original files contain more than two million lines. But I analyzed them, and the result file contains 1.5 million entries,” the attacker wrote in the underground forum.
brillen.de states that a password change secured the entry point for the attacker(s). “Furthermore, we have immediately implemented additional security measures and involved external IT forensics experts,” the company explains. The incident has also been reported to the data protection supervisory authority. “We recommend that you exercise particular caution with unexpected contact and do not share sensitive information.”
Videos by heise
Already in October 2024, there was an IT incident at brillen.de, where 3.5 million customer data records were openly accessible online. An Elasticsearch instance of the company was accessible on the internet without prior authentication. About six weeks later, Supervista made the results of the investigations at that time public.
(dmk)
