Tokmanni - House of Opportunities?

That just sounds like too small a figure. Even the Tokmanni Club has over two million members. Why would only such a small portion of the customer data have leaked, and not all of it? Whether the data is genuine or AI-generated is probably the essential question. If Tokmanni’s sales have been going well, then a one-off slip-up like this could give short-selling firms an opportunity to close their shorts with a better return.

3 Likes

Online store customers? Online store customers who chose a specific payment method? Etc. There are plenty of possibilities that would limit the number of customers.

2 Likes

Additionally, Tokmanni has its own supplier portal for vendors. Hackers systematically exploit known security vulnerabilities, so has some component been left unpatched (and are updates their own responsibility or outsourced)?

I personally placed my last order without logging in, as that is also a valid way to order from the online store if you aren’t using any club discounts, but is it just as secure?

These do seem like online store purchases, and I wonder, if this data doesn’t originate from Tokmanni’s systems, then from where. There’s really nothing else to do but wait for what Tokmanni announces and hope that the situation isn’t quite as bad as it seems.

2 Likes

I looked at those screenshots. In the contact dump, there were quite a few rows per contact, and the IDs were surprisingly small. Similarly, in the order dump, there were multiple rows per order, suggesting it refers to a sample of orders from a certain time period, so it doesn’t concern 473,000 customers, but rather 473,000 order rows. Is this some legacy database that was left online? That’s one possibility.

4 Likes

I’ve been looking at those data samples, and it seems that this is old Tokmanni customer data from 2012–2013, which was archived in 2022 or 2023 and leaked in some context (e.g., during a CRM update) OR it has been faked to look authentic, for example, with the help of AI.

The data contains many addresses from windowslive.com, msn.com, and hotmail.com, which I assume are still in use but are now integrated into outlook.com. In other words, the data is old, and the information regarding potential customers dates back to 2012–2013. I want to emphasize that I didn’t verify the authenticity of the data any further and only examined the samples linked by the “hacker.”

According to the hacker, there are supposedly 473k rows (not 473k customers, but transactions), and they reveal the following:

Personal details (names, emails, phone numbers, addresses, zip codes, cities), marketing permissions (opt-in/out), customer tiers (Silver/Gold, etc.), CRM metadata, order date (2012–2013), as well as how long the person has been a customer and when the customer’s information was last modified (2022–2024).

Also worth noting is that the “hacker’s” reputation score has plummeted on the BreachForums forum from +20 to -11 after the release of this data and especially the data concerning Argentina. The same individual appears to be selling other scraped, incomplete data from places like Tunisia, Bangladesh, Argentina, Thailand, and Taiwan.

I’ll conclude by saying that generating/faking this kind of incomplete and relatively generic data using AI, for example, would be very simple.

I’m not downplaying the situation if it turns out to be genuine old customer data, but I also want to stress that the data doesn’t contain anything that could be used for anything other than phishing; back in the day, you could get almost the same information from a phone book/Eniro and some light Googling. Finally, I’ll mention that I wanted to look into this more closely because I own Tokmanni shares and am a Tokmanni customer.

32 Likes

That’s all.

1 Like

That is a good example of how when you buy from Finland, testing and potential recalls are carried out on products. So the system works. Plus, products have already undergone inspections before they end up on sale.

If you buy from China instead, that product might contain a substance that will kill you in ten years. You’ll know this in 10 years. Or actually, your family will know when the matter is investigated during an autopsy. Or they might not necessarily know even then where the lethal substance came from, but more detailed investigations will begin. Even after this, you can still buy this product from China.

25 Likes

These products were already on the market, so they haven’t been pre-checked, at least not in Finland.

The manufacturer itself has decided on a recall. Apparently, Tokmanni might have been the importer, since these haven’t been on sale elsewhere, I guess.

1 Like

Product Recall: HTI Toys Stretcherz Toys (2602-0156) - GOV.UK

Stretcherz: ‘Stretch’ & ‘Slammers’

That isn’t some Finnish/Tokmanni-specific thing, but a manufacturer recall that applies worldwide(?). Reacting with a delay might be Tokmanni’s own thing.

5 Likes

“The toys have been sold at least in Tokmanni department stores and at Kärkkäinen, which have published a recall notice for the toys. According to Prisma’s website, toys named Stretch Squad have also been sold there, but there is no recall notice for the toys on the S-Group’s website.”

5 Likes

I feel that the discussion in this thread has recently gone completely off the rails. First, there’s an outcry over tabloid clickbait about a data leak whose veracity is entirely unconfirmed. Now, there’s a debate about asbestos toys, which is an issue for every private label brand. These matters could be hashed out in some other thread.

19 Likes

It’s nice, though, that Tokmanni’s weekly crises are met with good counter-arguments and contextualization from an investor’s perspective here. Soon we’ll have the figures to start dissecting the company’s fundamentals and see what kind of crisis is being priced in next.

3 Likes