Skip to content
Data breachContained

Leak at EasyCash

A threat actor put a customer database stolen from second-hand retailer EasyCash up for sale on a hacking forum, exposing roughly 14 million records — names, dates of birth, postal addresses, phone numbers and email addresses — apparently extracted via a compromised internal/partner account.

Victim
EasyCash

On 7 January 2026, EasyCash — a French chain specialising in the purchase and resale of second-hand goods (electronics, video games, household items) — was hit by a large-scale customer data leak. A threat actor advertised an EasyCash customer database on a specialised hacking forum, with the largest file holding roughly 14 million records said to span the retailer's customer base built up over many years.

The available evidence points to a compromised account — internal, partner or API — being abused to extract the database in bulk, allowing the attacker to bypass standard protections while exporting structured, coherent data. The records combined core customer identification with contact details and loyalty-programme information, making it possible to reconstruct detailed customer profiles.

Exposed data categories included:

  • First and last name
  • Date of birth
  • Postal address
  • Phone number
  • Email address
  • Loyalty card numbers / customer identifiers

EasyCash is reported to have blocked the abused access shortly after the intrusion, and the company had already been linked to an earlier data-loss incident, underlining recurring exposure. No bank details or account passwords were reported as part of this dataset. The exact origin and full scope of the leak were not officially confirmed by the company at the time of disclosure.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/easy-cash-une-nouvelle-fuite-massive-de-17-millions-de-donnees/
  2. usine-digitale.frhttps://www.usine-digitale.fr/article/le-reseau-d-achat-revente-easy-cash-previent-ses-clients-d-une-fuite-de-donnees.N2231075

Related incidents

Data breachOngoing

1,528 contacts at Nature & Cie, claimed leak

In late May 2026, a B2B commercial database attributed to French organic-food distributor Nature & Cie surfaced on a cybercriminal forum, exposing roughly 5,635 stores, over 1,500 professional contacts and around 1,500 sales-visit reports covering Biocoop, Naturalia and La Vie Claire partners.

Victim
Nature & Cie
Records
1.5K