Jour de Fête: 543,000 customer accounts leaked after a cyberattack
On 1 May 2026, a database holding 543,124 customer records attributed to boutique-jourdefete.com — the online store of French party-supplies retailer Jour de Fête — surfaced on a cybercrime forum, exposing names, emails, postal addresses, phone numbers and login tokens.
- Victim
- Jour de Fête
- records
- 543.1K
On 1 May 2026, Jour de Fête — a French retailer of party supplies, decorations and celebration accessories — was named in a data leak after a database attributed to its online store, boutique-jourdefete.com, was published on a cybercrime forum. The dataset reportedly held 543,124 customer records and was offered for sale at a low price (around $300), a hallmark of bulk consumer-data dumps.
The exact intrusion vector was not disclosed, and the publication appears to stem from criminal circles rather than from the retailer itself. The leaked records reportedly combined personal and technical customer data:
- Full names (first and last)
- Email addresses
- Complete postal/billing addresses
- Phone numbers
- Internal identifiers (user IDs, site IDs)
- Login/session tokens (signin_token)
The presence of login tokens is notable: if any remain valid, they could allow account takeover beyond the usual phishing, delivery-scam and identity-theft risks created by exposed contact details. As of reporting, Jour de Fête had not publicly confirmed the breach or commented on the authenticity or origin of the database, so the incident status remains unverified.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/jour-de-fete-543-000-comptes-clients-en-fuite-apres-une-cyberattaque/