DB Telecom: a 40k-customer database put up for sale
Around 10 April 2026, a threat actor put DB Telecom (Service Telecom) — a Marseille-based IP-telephony operator on the Orange/Or-Tel network — up for sale, leaking a database of roughly 41,470 customers and 2,835,372 records including names, contacts, plaintext passwords and internal emails.
- Victim
- DB Telecom
- records
- 2.8M
On 10 April 2026, DB Telecom — a Marseille-based IP-telephony operator and integrator trading as Service Telecom and operating on the Orange/Or-Tel network — was reported to have had its entire database put up for sale by a threat actor. The data was advertised on a cybercrime channel around 8 April, with the tracker reporting the breach on 10 April.
The seller claimed full access to the company's hosting environment (cPanel, phpMyAdmin, configuration files and backups), from which the complete database was exfiltrated. The dump covers roughly 41,470 customers and 2,835,372 individual records, spanning many years of the company's commercial activity.
The data offered for sale reportedly includes:
- Names, postal addresses, email addresses and phone numbers
- Plaintext customer passwords
- More than 210,000 complete email correspondences and tens of thousands of documents (invoices, contracts, commercial files)
- Connection logs with IP addresses and geolocation, plus tens of thousands of WordPress/account credentials
- Internal administrative logs and roughly 16 GB of source code
At the time of reporting the data was being actively marketed and DB Telecom's domain remained online. The exposure of plaintext passwords, full email histories and customer contact details creates a high risk of identity theft, account takeover and targeted phishing against affected customers.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/db-telecom-une-base-de-2-8-millions-dutilisateurs-mise-en-vente/
- x.comhttps://x.com/fuitesinfos/status/2042466100823117879