Table of Contents
What customer data was leaked in the brillen.de 2026 data breach?
The German eyewear retailer brillen.de experienced two significant data security incidents between 2024 and 2026. The company first suffered a massive data exposure in August 2024. In a separate, targeted attack in September 2025, hackers stole over 1.5 million customer records, which later surfaced for sale on the dark web in February 2026.
The August 2024 Data Exposure
On August 8, 2024, cybersecurity researchers from Cybernews discovered an unsecured Elasticsearch cluster belonging to brillen.de. A configuration error left the database accessible without authentication, exposing the data of over 3.5 million European customers.
The exposed information included full names, addresses, email addresses, phone numbers, genders, dates of birth, and detailed order information such as invoice amounts and dates. Most of the affected customers were from Germany, Spain, and Austria. After researchers notified the company, brillen.de quietly secured the database on August 10, 2024.
The September 2025 Cyberattack and Dark Web Leak
Following the 2024 exposure, brillen.de initiated continuous darknet monitoring. In February 2026, this monitoring detected customer data circulating on a dark web forum. Forensic investigations revealed that a targeted cyberattack in September 2025 caused this new breach.
On February 12, 2026, a threat actor using the alias “Meow” offered exactly 1,531,618 brillen.de customer data points for sale on the dark web. The stolen data from the 2025 attack includes personal information such as names, addresses, email addresses, telephone numbers, and dates of birth, but the company confirmed that passwords, payment details, order information, and vision prescriptions were not compromised.