Alltricks: more than 820,000 customer accounts for sale on the dark web
In April 2026, a database of more than 820,000 Alltricks customer accounts (roughly 105 MB) was put up for sale on dark web forums, exposing names, emails, dates of birth, postal addresses, mobile numbers and loyalty data; the retailer disputes that the data came from its systems.
- Victim
- Alltricks
- records
- 820.0K
On 4 April 2026, Alltricks β a French online retailer specialising in cycling, running and outdoor sports equipment β was named as the victim of a large customer-data leak after a database of more than 820,000 accounts surfaced for sale on dark web forums. The file, around 105 MB in size, was offered without a fixed price with open bidding, a sign of active distribution among cybercriminals.
According to the listing, the database contained detailed customer profiles. The exposed data categories include:
- First name, surname and title (civility)
- Email address and mobile phone number
- Date of birth
- Postal address, postal code and city
- Contact preferences and account validation status
- Loyalty credits / points information
The leaked records did not appear to include passwords or payment-card data. The incident follows an earlier compromise in August 2025, when Alltricks' email-sending system was abused to distribute convincing phishing campaigns.
Alltricks said it had carried out in-depth investigations across all of its databases and stated that the information in circulation did not originate from its systems, citing several significant inconsistencies with its internal records. The company suggested that, if the data proved authentic, it could stem from a third-party service provider or a legacy data source. The origin and full authenticity of the dataset remain unconfirmed.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/alltricks-plus-de-820-000-comptes-clients-en-vente-sur-le-darknet/
- frenchbreaches.comhttps://frenchbreaches.com/blog/fuite-de-donnees-chez-alltricks-plus-de-821-000-clients-exposes