Skip to content
Data breachContained

Leak at Eurofiber

In November 2025, Dutch fibre-network operator Eurofiber's French unit was breached via an SQL-injection flaw in its outdated GLPI ticketing system, exposing technical and credential data tied to more than 3,600 customer organisations, including major firms and public bodies.

Victim
Eurofiber

On 17 November 2025, Eurofiber β€” the French subsidiary of the Dutch fibre-network and cloud-infrastructure operator β€” disclosed a major data breach after an attacker attempted to sell stolen customer data online. The intrusion was detected on 13 November and affected the company's internal ticket-management platform and its ATE customer portal, also used by the regional brands Eurafibre, FullSave, Netiwan, and Avelia.

The attacker, operating under the alias ByteToBreach, exploited an SQL-injection vulnerability in an outdated deployment of GLPI, the open-source IT service-management software, and is reported to have exfiltrated data over roughly ten days. Because Eurofiber provides connectivity to large enterprises and public institutions, the leaked records concern more than 3,600 organisations, reportedly including names such as Airbus, Thales, Orange, SNCF, AXA, Engie, TotalEnergies, several French ministries, and retailers like Decathlon and Fnac.

Exposed data categories reportedly include:

  • Hashed account passwords (around 10,000 password hashes)
  • SSH private keys and VPN configuration files
  • API tokens and internal authentication credentials
  • Cryptographic certificates
  • SQL backups and source code
  • Support-ticket histories and service/network configurations

Eurofiber says it patched the vulnerability within the first hours of detection, placed the affected systems under enhanced monitoring, and kept services operational. The company notified the CNIL and ANSSI, filed an extortion complaint, and stated that banking details and sensitive data held in other systems were not affected.

Sources

  1. socradar.iohttps://socradar.io/eurofiber-breach-critical-infrastructure-data-europe/
  2. techzine.euhttps://www.techzine.eu/news/security/136373/eurofiber-reports-data-breach-in-france-major-customers-affected/
  3. eurofiber.comhttps://www.eurofiber.com/fr-fr/actualites/incident-de-cybersecurite-chez-eurofiber-france
  4. cybernews.comhttps://cybernews.com/security/eurofiber-france-discloses-data-breach/
  5. journaldugeek.comhttps://www.journaldugeek.com/2025/11/22/eurofiber-une-enorme-fuite-de-donnees-touche-de-nombreuses-entreprises-francaises/

Related incidents

Data breachContained

Leak at Altitude Infra

Altitude Infra, a major French independent fiber-optic infrastructure operator, had ~5.76 GB (52 files) stolen from a partner extranet and offered for sale online, exposing network documentation, ISP-partner files and end-customer eligibility data across its 3M+ connected locations.

Victim
Altitude Infra
Data breachContained

Leak at Red by SFR

In December 2025, French telecom operator SFR disclosed a data breach affecting Red by SFR customers, exposing names, postal and email addresses, phone numbers and customer reference numbers after an internal fiber-connection management tool was compromised.

Victim
Red by SFR
Data breachUnknown

Data leak at Syma Mobile

In September 2025, a database of 117,963 Syma Mobile customers β€” exposing names, dates of birth, postal and email addresses, phone numbers and ID-document details β€” was put up for sale on a dark-web forum alongside other French datasets.

Victim
Syma Mobile
Records
118.0K
Data breachContained

Leak at Bouygues Telecom

On 6 August 2025, French telecom operator Bouygues Telecom disclosed a cyberattack that exposed personal data of 6.4 million customer accounts, including contact details, contractual data, civil status and IBANs (no card numbers or passwords).

Victim
Bouygues Telecom
Records
6.4M