Leak at EasyCash
A threat actor put a customer database stolen from second-hand retailer EasyCash up for sale on a hacking forum, exposing roughly 14 million records — names, dates of birth, postal addresses, phone numbers and email addresses — apparently extracted via a compromised internal/partner account.
- Victim
- EasyCash
On 7 January 2026, EasyCash — a French chain specialising in the purchase and resale of second-hand goods (electronics, video games, household items) — was hit by a large-scale customer data leak. A threat actor advertised an EasyCash customer database on a specialised hacking forum, with the largest file holding roughly 14 million records said to span the retailer's customer base built up over many years.
The available evidence points to a compromised account — internal, partner or API — being abused to extract the database in bulk, allowing the attacker to bypass standard protections while exporting structured, coherent data. The records combined core customer identification with contact details and loyalty-programme information, making it possible to reconstruct detailed customer profiles.
Exposed data categories included:
- First and last name
- Date of birth
- Postal address
- Phone number
- Email address
- Loyalty card numbers / customer identifiers
EasyCash is reported to have blocked the abused access shortly after the intrusion, and the company had already been linked to an earlier data-loss incident, underlining recurring exposure. No bank details or account passwords were reported as part of this dataset. The exact origin and full scope of the leak were not officially confirmed by the company at the time of disclosure.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/easy-cash-une-nouvelle-fuite-massive-de-17-millions-de-donnees/
- usine-digitale.frhttps://www.usine-digitale.fr/article/le-reseau-d-achat-revente-easy-cash-previent-ses-clients-d-une-fuite-de-donnees.N2231075