Leak at Guiot de Bourg
On 24 January 2026, a customer database from French silver-jewelry brand Guiot de Bourg covering some 90,000 e-commerce accounts surfaced online, exposing names, emails, dates of birth, hashed passwords and order/payment metadata.
- Victim
- Guiot de Bourg
On 24 January 2026, Guiot de Bourg β a Paris-based silver-jewelry brand (founded 1905) that sells online via guiotdebourg.fr β was named as the source of a leaked customer database. A threat actor circulated an export of roughly 90,000 customer accounts from the brand's e-commerce store, surfaced through the French breach tracker bonjourlafuite.eu.org.
The leak appears to be a dump of the online store's customer table rather than a targeted intrusion confirmed by the company. The exposed records combine identity and account-security fields with order and payment metadata, which would let an attacker impersonate customers, attempt account takeover, and craft convincing phishing.
Exposed data categories include:
- Full name (last name, first name)
- Email address
- Hashed password and password-reset token
- Date of birth
- Newsletter sign-up IP address
- Authorized purchase amount and payment terms
- Guest/registered status and account-deletion flags
- Account secret key
The presence of password-reset tokens and per-account secret keys is notable: if still valid, they could be abused to hijack accounts even though the passwords themselves were stored hashed. As of disclosure the breach was claimed but not independently confirmed, and no public statement, regulator filing or remediation detail had been published, so the status remains unknown.
Sources
- bonjourlafuite.eu.orghttps://bonjourlafuite.eu.org/#Guiot%20de%20Bourg-2026-01-24
- guiotdebourg.frhttps://www.guiotdebourg.fr/en/