A report from Dark Web Informer has raised questions about a possible data breach at Bol.com. On the platform X, the organization reports that a dataset containing approximately 400,000 customer records was allegedly offered for sale via a cybercrime forum.
The seller, using the name Jeffrey Epstein, claims that the data pertains to customers from Belgium. The seller further asserts that Bol.com serves approximately 14 million customers and that the dataset contains personal information, including usernames, email addresses, and phone numbers.
According to the claim, the dataset contains a combination of personal and account-related information. This includes names, addresses, dates of birth, and contact details, supplemented with data such as the date of the last login. The dataset is also said to contain identification numbers, though it is unclear exactly what type of data this refers to. Based on reports from Tweakers, it seems unlikely that these are official identity documents, as such data is not typically processed by the online store.
Response from Bol.com
Bol.com itself told Tweakers that it has no indications of a security incident. The company says it is investigating the report but emphasizes that its systems are functioning normally and that there are no signs pointing to a hack, data breach, or ransomware attack. Thus, there appears to be no confirmation at this time that the dataset being offered actually originates from the online store’s systems.
The incident demonstrates that claims about data dumps on underground forums do not automatically mean that a recent breach has occurred. Such datasets may also consist of older or aggregated data from previous incidents, or even contain inaccurate information. At the same time, the nature of the alleged data, if it proves to be authentic, could pose risks to affected customers, for example in the form of targeted phishing attempts or identity theft.
Also read: HackerOne hit by data breach via third-party partner