Skip to content
Data breachUnknown

28,000 customers and staff affected by a claimed leak at Immo-pop

On 8 February 2026, a threat actor claimed to have leaked data on roughly 28,000 customers and staff of Immo-pop, the French fixed-fee online real estate agency; the claim was logged by a French breach tracker and remains unverified by the company.

Victim
Immo-pop
records
28.0K

On 8 February 2026, Immo-pop — a French fixed-fee online real estate agency (founded in 2016 in Bordeaux, immo-pop.com) — was named as the victim of a claimed data leak. A threat actor asserted possession of records covering both customers and staff, with the French breach tracker Fuites Infos logging the claim as affecting close to 28,000 people.

The incident is recorded as a "claimed" (revendiquée) leak: it is based on an attacker's assertion of holding or exposing the data, rather than on a confirmation by Immo-pop or an independent technical investigation. As of this disclosure, no public statement from the company, no regulator notice, and no independent news reporting corroborate the figure or detail the intrusion method.

Because the entry concerns an online agency that handles property sale files, the data potentially at risk for such a platform typically includes:

  • Names and contact details (email, phone, postal address) of sellers, buyers and staff
  • Property listing and transaction information
  • Administrative documents tied to real estate mandates

Scale is reported by the tracker as approximately 28,000 individuals (customers and staff combined). The status remains unknown pending verification, and people who have used Immo-pop should treat any unexpected emails, calls or messages referencing their property dealings with caution.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-08-immo-pop
  2. immo-pop.comhttps://www.immo-pop.com/

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise