Leak at Eurofiber
In November 2025, Dutch fibre-network operator Eurofiber's French unit was breached via an SQL-injection flaw in its outdated GLPI ticketing system, exposing technical and credential data tied to more than 3,600 customer organisations, including major firms and public bodies.
- Victim
- Eurofiber
On 17 November 2025, Eurofiber β the French subsidiary of the Dutch fibre-network and cloud-infrastructure operator β disclosed a major data breach after an attacker attempted to sell stolen customer data online. The intrusion was detected on 13 November and affected the company's internal ticket-management platform and its ATE customer portal, also used by the regional brands Eurafibre, FullSave, Netiwan, and Avelia.
The attacker, operating under the alias ByteToBreach, exploited an SQL-injection vulnerability in an outdated deployment of GLPI, the open-source IT service-management software, and is reported to have exfiltrated data over roughly ten days. Because Eurofiber provides connectivity to large enterprises and public institutions, the leaked records concern more than 3,600 organisations, reportedly including names such as Airbus, Thales, Orange, SNCF, AXA, Engie, TotalEnergies, several French ministries, and retailers like Decathlon and Fnac.
Exposed data categories reportedly include:
- Hashed account passwords (around 10,000 password hashes)
- SSH private keys and VPN configuration files
- API tokens and internal authentication credentials
- Cryptographic certificates
- SQL backups and source code
- Support-ticket histories and service/network configurations
Eurofiber says it patched the vulnerability within the first hours of detection, placed the affected systems under enhanced monitoring, and kept services operational. The company notified the CNIL and ANSSI, filed an extortion complaint, and stated that banking details and sensitive data held in other systems were not affected.
Sources
- socradar.iohttps://socradar.io/eurofiber-breach-critical-infrastructure-data-europe/
- techzine.euhttps://www.techzine.eu/news/security/136373/eurofiber-reports-data-breach-in-france-major-customers-affected/
- eurofiber.comhttps://www.eurofiber.com/fr-fr/actualites/incident-de-cybersecurite-chez-eurofiber-france
- cybernews.comhttps://cybernews.com/security/eurofiber-france-discloses-data-breach/
- journaldugeek.comhttps://www.journaldugeek.com/2025/11/22/eurofiber-une-enorme-fuite-de-donnees-touche-de-nombreuses-entreprises-francaises/