Skip to content
Data breachUnknown

Leak at GDQuest

On 30 March 2026, a database from GDQuest — a French e-learning platform for the Godot game engine — surfaced on a hacking forum, exposing learners' email addresses, usernames/account slugs and the titles and prices of purchased courses.

Victim
GDQuest

On 30 March 2026, GDQuest — a French e-learning platform that produces tutorials and courses for the open-source Godot game engine — was listed in a leak after a database of its users surfaced on a hacking forum.

The exposed data did not include payment card numbers or, in the published sample, account passwords, but it tied learners' identities to their purchase history. Reported categories include:

  • Email addresses
  • Usernames and account slugs
  • Titles and prices of courses purchased
  • Unique user identifiers and customer status

The trove was offered on a dark-web forum; one analysis put the dataset at roughly 66,000 records, though this figure comes from the threat actor's own claim and has not been independently confirmed. The combination of email addresses and detailed purchase history is well suited to highly targeted phishing and credential-stuffing campaigns against the game-development community.

GDQuest does not appear to have published a statement confirming the incident, and the underlying attack vector has not been disclosed. The status of any remediation is unknown.

Sources

  1. bonjourlafuite.eu.orghttps://bonjourlafuite.eu.org/#GDQuest-2026-03-30
  2. brinztech.comhttps://www.brinztech.com/breach-alerts/brinztech-alert-the-alleged-database-of-gdquest-school-is-leaked/

Related incidents