A security breach has compromised the privacy of thousands of Mi Electro Spain customers. The e-commerce platform and electronics store network confirms the exposure of personal data after the publication of a database on clandestine forums.
The threat actor known as creepy vault claims to possess more than 68,000 user records from the company. This figure represents a significant portion of the brand's customer base, which groups small businesses under the same digital identity.
Data sale detected in May
The analysis carried out by VECERT Analyzer identified the offering for sale of this information on May 3, 2026. Cybersecurity experts verified that the files corresponded to the national retailer of appliances and technology.
"The database belongs to the appliance and technology retailer Mi Electro in Spain" - VECERT Analyzer, technical report
Among the leaked information are unique identifiers, email addresses, and full names. The files also include surnames, dates of birth, and cities of residence of those affected.
This exhibition puts the digital identity of buyers at risk. Criminals can use this data to carry out identity theft or more sophisticated social engineering attacks.
Mi Electro celebrates its anniversary while managing the crisis
The company is going through a delicate moment just as it celebrates its ninth anniversary with multiple commercial offers. Mi Electro was born in 2017 driven by the distribution group Eldisser and operates as a community of local stores.
The network has more than 500 establishments spread throughout the country. Its business model is based on the rapid delivery of orders in about 24 hours through the stores closest to the customer.
The main logistics center is located in Paterna, in the province of Valencia. These facilities add up to more than 65,000 square meters from where the distribution of merchandise is coordinated.
"Experts recommend changing passwords as soon as possible and activating multi-factor authentication" - Cybersecurity specialists, security recommendations
The outlet Escudo Digital contacted the company to confirm the veracity of the breach. The investigation seeks to clarify the exact scope of the incident and the immediate measures the company is implementing.
The attacker's name, creepy vault, refers to the disturbing social experiments of the Fallout video game saga. This detail adds a theatrical component to an action that has very real consequences for consumers.
The users' trust in the online platform is now called into question. The speed with which the company responds and protects its clients will determine the reputational impact of this event.