Skip to content
Data breachContained

Le Petit Vapoteur: 3.3 million customers exposed

In late March 2026, French e-cigarette retailer Le Petit Vapoteur was hit by a data breach after a hacker using the alias 'undef' put its customer database up for sale, exposing names, emails, phone numbers, postal addresses and IP logs for a claimed 3.3 million customers and 599 employees spanning 2012-2026.

Victim
Le Petit Vapoteur
records
3.3M

On 30 March 2026, Le Petit Vapoteur β€” one of France's largest online e-cigarette and vaping retailers β€” became the target of a large-scale data breach after a threat actor advertised its entire customer database for sale on a cybercriminal forum.

The company's technical teams reportedly detected signs of intrusion on internal tools around 20 March 2026. A few days later, a hacker using the pseudonym "undef" offered what they claimed to be the complete database for sale, covering roughly 14 years of records spanning 2012 to 2026 β€” effectively the firm's entire commercial history. The exact intrusion vector was not publicly confirmed.

The exposed data, according to the seller, included:

  • Customer names, email addresses and phone numbers
  • Postal addresses
  • Browsing histories and connection logs, including IP addresses
  • Employee data: personal details, job titles and contact information

The seller claimed the leak affected 3,307,087 customers and 599 employees. Le Petit Vapoteur stated that passwords and banking details were not compromised, and disputed the scale, asserting that the actual impact concerned less than 2% of its customer base. Even so, the breadth and 14-year depth of the data raise a heightened risk of targeted phishing and identity theft for affected individuals.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/le-petit-vapoteur-33-millions-de-clients-exposes/
  2. nophi.shhttps://nophi.sh/blog/petit-vapoteur-fuite-3-millions-clients-donnees
  3. frenchbreaches.comhttps://frenchbreaches.com/alertes/le-petit-vapoteur-mnanmz23cl3a0gosyom

Related incidents

Data breachOngoing

1,528 contacts at Nature & Cie, claimed leak

In late May 2026, a B2B commercial database attributed to French organic-food distributor Nature & Cie surfaced on a cybercriminal forum, exposing roughly 5,635 stores, over 1,500 professional contacts and around 1,500 sales-visit reports covering Biocoop, Naturalia and La Vie Claire partners.

Victim
Nature & Cie
Records
1.5K