-
Threat actor claims to be selling more than 50 million records allegedly tied to German marketplace Kleinanzeigen.
-
The purported dataset reportedly contains user information, transaction records, and payment-related details.
-
Researchers warn that transaction histories combined with personal data could enable highly targeted fraud campaigns.
A threat actor has allegedly placed a large database linked to German online marketplace Kleinanzeigen up for sale on an underground cybercrime forum, claiming the dataset contains more than 50 million records dating from 2025.
The alleged leak, first highlighted by Daily Dark Web Intelligence, reportedly includes a substantial amount of customer and transaction information connected to users of one of Germany’s largest online marketplaces.
At the time of publication, neither the authenticity of the data nor the source of the alleged compromise has been independently verified. Daily Dark Web Intelligence noted that it has not validated the seller’s claims. If confirmed, the incident could represent one of the largest alleged marketplace-related data exposures Germany has seen in recent years.
Marketplace Users Allegedly Exposed
According to the forum listing, the dataset allegedly contains both user information and transaction records associated with marketplace activity.
The seller claims the exposed information includes:
- Full names.
- Email addresses.
- Telephone numbers.
- Street addresses.
- City information.
- Purchase dates.
- Transaction dates.
- Payment descriptions.
- Transaction amounts in euros.
- Masked payment card numbers.
- Masked account identifiers.
The combination of identity information and transaction history significantly increases the potential value of the dataset to cybercriminals. Unlike many breaches that expose only contact information, transaction records can provide insight into customer behavior, spending habits, purchasing interests, and payment activity. Security researchers frequently warn that these details allow attackers to craft highly convincing fraud attempts.
Financial Fraud Risks as Bad Actors Target Online Marketplaces
Although the listing indicates that payment card numbers and account identifiers are masked, analysts say partial financial information can still be useful to threat actors.
The Daily Dark Web Intelligence noted that even partially masked financial data, when combined with contact information and transaction records, can substantially increase the effectiveness of fraud attempts.
Potential risks include:
- Phishing campaigns.
- Account takeover attempts.
- Social engineering attacks.
- Identity fraud.
- Payment scams.
- Marketplace impersonation attacks.
Online marketplaces continue to attract cybercriminal interest because they store large volumes of customer information, transaction histories, and payment-related data. These platforms often process millions of listings, messages, and transactions annually, creating extensive databases containing both personal and financial information.
European online marketplaces have increasingly faced cyber threats in recent years, including credential-stuffing attacks, phishing campaigns, account takeovers, and data theft incidents.
Questions Remain About the Alleged Breach
At present, several important questions remain unanswered. The threat actor has not publicly disclosed how the alleged data was obtained, whether the information originated from a direct compromise, third-party exposure, credential theft, or another source. The seller’s claims regarding the number of affected records have also not been independently confirmed.
Cybersecurity researchers caution that underground listings often contain exaggerated, recycled, or aggregated breach data. Threat actors may exaggerate record counts or fake data origins to increase value.
Nevertheless, large-scale marketplace databases remain highly sought-after commodities within cybercriminal communities due to the opportunities they create for financial fraud and identity theft.
The channels through which such data is sold are also evolving. Researchers have found that Telegram has overtaken the dark web as the primary medium for stolen data distribution.
If the alleged Kleinanzeigen dataset proves authentic, affected users could face an increased risk of phishing attacks and impersonation attempts that leverage actual transaction details to build trust. Until independent verification becomes available, the claims surrounding the alleged 50-million-record dataset should be treated as unconfirmed.
The incident shows that even limited transaction histories can be valuable to cybercriminals targeting online marketplace users.