Skip to content
Data breachContained

713,814 people affected by a claimed data leak at ImmoJeune

On 5 March 2026, a database of 713,814 people who had submitted rental applications on the French student-housing platform ImmoJeune was offered for sale on a cybercrime forum, exposing names, emails, phone numbers, postal addresses and income details.

Victim
ImmoJeune
records
713.8K

On 5 March 2026, ImmoJeune — a French online platform that connects students and young professionals with rental housing — became the subject of a data-breach claim when a seller offered a database of 713,814 people on a cybercrime forum. The records belonged to individuals who had submitted rental applications through the service.

ImmoJeune later confirmed the security incident in an email to its users. The intrusion did not stem from a direct compromise of ImmoJeune's own systems: attackers reused login credentials belonging to a real-estate agency client to access the ImmoJeunePro professional backend and extract applicant data.

The exposed information reportedly included:

  • Full names, email addresses and phone numbers
  • Postal addresses
  • Income-related information
  • For more recent applicants, identity documents and income-verification files

The company stated that passwords, banking data and social security numbers were not affected. In response, ImmoJeune blocked the compromised accounts and replaced password-based authentication with a unique-link access system. It warned users that the exposed rental application data could fuel targeted fraud and identity-theft attempts.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-03-05-immojeune
  2. cyberattaque.orghttps://www.cyberattaque.org/immojeune-fuite-de-donnees-confirmee-apres-un-acces-frauduleux/
  3. frenchbreaches.comhttps://frenchbreaches.com/blog/piratage-immojeune-plus-de-713-000-candidats-au-logement-etudiant-potentiellement-exposes

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise