PlanetaObuvi.ru

In June 2020 the Russian online footwear retailer PlanetaObuvi experienced a significant security breach resulting in the exposure of its customer database. An unauthorized party managed to extract a SQL dump containing sensitive information of approximately 20000 registered users along with 60000 order records. The compromise included personal identification details and historical transaction data. Analysis of the leaked material suggests that the breach occurred due to vulnerabilities in the web application allowing for database extraction. The exposed passwords were encrypted using the weak MD5 hashing algorithm which is highly susceptible to cracking through brute force or rainbow table attacks.