41,000 customers affected by a claimed leak at Innovorder
On 21 February 2026, Innovorder — a French SaaS provider of POS and management software for the foodservice industry — confirmed a data breach after a dataset of around 41,000 records, accessed via credentials compromised in an unrelated breach, was offered on a hacking forum.
- Victim
- Innovorder
- records
- 41.0K
On 21 February 2026, Innovorder — a Paris-based software publisher whose all-in-one SaaS platform powers point-of-sale, kiosks, online ordering and back-office management for restaurants and contract caterers — confirmed a data breach after a dataset of roughly 41,000 records was advertised on a hacking forum.
According to Innovorder's own confirmation, the intrusion did not stem from a flaw in its platform but from credentials that had been compromised in a separate, earlier data breach. The reused login allowed the attacker to reach a portal and exfiltrate a database of around 41,000 rows — a textbook example of how one breach cascades into the next.
The leaked records relate to Innovorder's restaurant and foodservice customers. Exposed data categories reported around the claim include:
- Customer/account identifiers
- Contact details associated with the affected portal
- Records tied to the restaurant-management database (~41,000 rows)
Innovorder publicly acknowledged the incident and attributed it to the compromised third-party credentials. The scale of around 41,000 records reflects the attacker's claim; the company's confirmation indicates the access vector was identified and addressed.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-21-innovorder
- x.comhttps://x.com/Ced_haurus/status/2026389791848137139