Vacation portal targeted by cyber criminals

Book a vacation - and then turn up on the darknet? This is exactly what could have happened to users of the well-known Ferienwohnungen.de portal. A hacker group called Safepay claims to have broken into the systems. And the result? Apparently a massive data theft, which has now been published - quite openly on the Darknet.

Instead of threats, this time clear facts: The attackers let a countdown run down, then just said "Published". The published file structure contains material that appears to originate from a backup from July 10, 2025 - stored in a Nextcloud instance.

Contracts, invoices - and perhaps much more

What exactly was stolen? A look at the directories shows: contracts with major customers, internal invoices, accounting documents - and even documents relating to employees of the platform. Training documents for the data protection officer also appear.

What is striking: SQL dumps or obviously structured customer data do not appear to be included - at least at first glance. It is not yet possible to say whether private customers are also affected. But: Many files go back years, which could make phishing attempts particularly credible. Anyone who has booked there should therefore be particularly vigilant at the moment - caution with unexpected emails or calls is more than appropriate.

Radio silence from Ferienwohnungen.de and Holidu

What is particularly worrying is that neither Ferienwohnungen.de nor the company behind it, Holidu GmbH, have commented publicly on the incident. Even when asked by journalists, everything remained silent. And the Bavarian State Office for Data Protection Supervision has also remained silent.

No statement, no assessment, no notification to affected customers - although the General Data Protection Regulation actually requires a rapid response in such cases. Especially when personal data is affected.

What about data protection? Not a chance!

Anyone who handles sensitive data - and that's what a booking portal does - bears responsibility. Period. If this data is stolen and published, we expect one thing above all else: transparency.

The fact that Ferienwohnungen.de and Holidu have not yet shown any reaction is not only annoying - it is a real indictment. Customers have a right to know whether their data has been affected. And authorities should also be informed immediately. Anything else is grossly negligent.

Silence is not a strategy. Anyone operating in the digital world needs to be prepared - even for an emergency. And if that happens, please don't bury your head in the sand, but keep an open mind.

Our tip: Anyone who has recently booked via the portal should now be particularly careful. Do not enter any passwords in emails, look twice at suspicious messages - and keep an eye on your own account to be on the safe side.