Leak at Alltricks
In August 2025, French online cycling and sports retailer Alltricks had its Sendinblue/Brevo email-marketing system compromised; attackers sent customers convincing phishing emails from the brand's own infrastructure, exposing names, email addresses and purchase history.
- Victim
- Alltricks
On 12 August 2025, Alltricks β a French online retailer of cycling, running and outdoor sports equipment β disclosed an intrusion into its email-marketing system. On the morning of 11 August, customers began receiving emails that appeared completely genuine: they were sent from the brand's legitimate sending domain (r.sb3.alltricks.com) and passed all SPF, DKIM and DMARC authentication checks, making them invisible to standard anti-phishing filters.
The messages were in fact a phishing campaign. They prompted recipients to renew their password or open Excel and OneDrive documents, leading to fake pages designed to harvest login credentials. The attack was traced to a compromise of the account Alltricks used with its marketing-email provider Sendinblue (Brevo): attackers abused the retailer's own trusted sending infrastructure to deliver the lures.
Exposed data categories appear to include:
- Customer first and last names
- Email addresses
- Purchase / transaction history (used to personalise the lures)
Alltricks stated that no payment or banking data was affected. The company alerted customers the same day, urged them not to open the messages, said it was implementing measures to secure its system, and indicated it would notify France's data-protection regulator (CNIL) as required by law. An internal investigation was opened to determine the full scope of any data exfiltration. (This August 2025 email-system intrusion is distinct from a separate, larger Alltricks customer-database leak reported later.)
Sources
- zataz.comhttps://www.zataz.com/intrusion-chez-alltricks-comment-des-mails-frauduleux-ont-passe-tous-les-filtres/
- next.inkhttps://next.ink/195409/alltricks-pirate-de-faux-mails-avec-de-vrais-pieges-envoyes-aux-clients/
- frenchbreaches.comhttps://frenchbreaches.com/alertes/alltricks-a0d5393f8210