Skip to content

Incidents in country:

Germany

19 incidents catalogued

Credential stuffingOngoing

FortiBleed: leaked dataset exposes VPN credentials for ~74,000 Fortinet firewalls

A dataset dubbed FortiBleed exposed valid Fortinet FortiGate VPN credentials β€” including plaintext passwords β€” for 73,932 firewall URLs across 194 countries, the product of a Russian-speaking crew that reused passwords from earlier breaches and infostealer logs rather than any new Fortinet vulnerability.

Victim
Organizations running Fortinet FortiGate firewalls worldwide
Data breachResolved

Samsung Germany Customer Tickets data breach (2025)

In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items…

Victim
Samsung Germany Customer Tickets
Records
216.3K
Data breachResolved

Thermomix Recipe World Forum data breach (2025)

In January 2025, the Rezeptwelt (German for "recipe world") forum for Thermomix owners suffered a data breach. The incident exposed 3.1M registered users' details including names, email and physical addresses, phone numbers, dates of birth and bios (usually cooking related).

Victim
Thermomix Recipe World Forum
Records
3.1M
Data breachResolved

schenkYOU data breach (2024)

In September 2024, data from the online German gift store schenkYOU was put up for sale on a popular hacking forum. Obtained the month before, the data included 237k unique email addresses alongside names, dates of birth and salted SHA-256 password hashes.

Victim
schenkYOU
Records
237.3K
Data breachResolved

Fitmart data breach (2021)

In October 2021, data from the German fitness supplies store Fitmart was obtained and later redistributed online. The data included 214k unique email addresses accompanied by plain text passwords, allegedly "dehashed" from the original stored version.

Victim
Fitmart
Records
214.5K
Data breachResolved

Knuddels data breach (2018)

In September 2018, the German social media website Knuddels suffered a data breach. The incident exposed 808k unique email addresses alongside usernames, real names, the city of the person and their password in plain text. Knuddels was subsequently fined €20k for the breach.

Victim
Knuddels
Records
808.3K
EspionageResolved

German Bundestag intrusion (APT28)

Russian GRU Unit 26165 (APT28 / Fancy Bear) compromised the Bundestag's parliamentary network, exfiltrating ~16 GB of data including emails from Chancellor Merkel's parliamentary office. Forced a full Bundestag IT estate rebuild.

Victim
Deutscher Bundestag (German federal parliament)
Loss
$22.0M