// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-hibpDTG 0600Z
ColdRecon / Breach Radar / Mytheresa
Breach Record

Mytheresa

DISCLOSED 2026-04-12 · STOLEN CREDS · 84,108 RECORDS EXPOSED

In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The exposed data also included names, phone numbers, physical addresses, purchases and partial credit card data including...

The record

What we know

Disclosed
2026-04-12
Attack vector
Stolen Creds
Records exposed
84,108
Domain
mytheresa.com
Data classes exposed
Email addressesNamesPartial credit card dataPhone numbersPhysical addressesPurchasesSalutations
Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the Mytheresa disclosure. It updates if new public reporting emerges. All tracked breaches →

Mytheresa just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →