Cyber Incident Victim: Vorwerk

Between January 30 and February 3, 2025, unauthorized actors gained access to a subordinate server managed by an external service provider supporting Rezeptwelt.de, a Thermomix recipe-sharing forum operated by Vorwerk. The attackers exfiltrated user profile data from the platform, compromising information belonging to 3.3 million registered users. The stolen dataset included full names, physical addresses, birthdates, telephone numbers, and email addresses, contingent upon the details voluntarily provided by individual forum members during account creation or profile updates. Forensic analysis confirmed the breach did not involve extraction of sensitive authentication credentials such as passwords or financial payment information, though Vorwerk acknowledged it could not definitively rule out potential password exposure. The intrusion was confined to the Rezeptwelt.de forum infrastructure, with no evidence of compromise affecting Vorwerk's primary commercial platforms like Cookidoo or its corporate webshop.

Vorwerk's security team disabled the compromised server upon identifying the breach, effectively terminating unauthorized access by February 3. The company subsequently implemented patches to address the vulnerability exploited in the attack and initiated coordination with law enforcement agencies to investigate the incident. Public disclosure occurred after the Spiegel reported the appearance of the stolen dataset in darknet marketplaces, where threat actors advertised it for fraudulent exploitation. Vorwerk issued a formal apology to affected users, advising heightened vigilance against potential phishing attempts leveraging the stolen contact details. The firm directed concerned individuals to contact its data protection officer but did not confirm whether it would provide credit monitoring services or other remediation beyond technical containment. Operational restoration timelines for Rezeptwelt.de remained unspecified in available communications.