Claimed leak at Kimsufi (OVHcloud) affecting databases
A threat actor claimed to have stolen data tied to Kimsufi, the budget hosting brand of French cloud provider OVHcloud, alleging exposure of roughly 1.6 million customers and data from 5.9 million hosted websites; OVHcloud denied the breach, saying the sample did not come from its systems.
- Victim
- Kimsufi (OVHcloud)
On 13 February 2026, Kimsufi (OVHcloud) β the budget dedicated-server, VPS and hosting brand of French cloud giant OVHcloud β was named in a data-leak claim posted to a cybercrime forum. The threat actor alleged they had gained access to a high-privilege administrative "parent account" and exfiltrated a large trove of customer and website data, offering a sample to prospective buyers.
The actor claimed the haul covered roughly 1.6 million customers and telemetry or content from about 5.9 million hosted websites. According to the listing, the allegedly exposed data included:
- Customer identity and contact details (names, email addresses, phone numbers, physical addresses)
- Website-linked data such as source code, databases and multimedia files
- Server and infrastructure configurations across US and EU regions
- Internal OVHcloud corporate documentation
OVHcloud disputed the claim. Founder Octave Klaba said that after an internal audit of the sample supplied by the seller, the company concluded the data did not originate from its systems, calling the allegations baseless. Researchers also flagged red flags: the seller had no track record of confirmed breaches, fitting a known pattern of posting a large claim, offering a "sample," and collecting payment before disappearing.
As of the latest reporting the breach remains unverified and disputed, with no independent confirmation that genuine OVHcloud or Kimsufi customer records were compromised. The status is therefore unknown.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-13-kimsufi-ovhcloud
- cybernews.comhttps://cybernews.com/security/ovhcloud-founder-denies-data-breach-claims/
- securityonline.infohttps://securityonline.info/ovhcloud-security-breach-customer-dossiers-telemetry-leak-2026/