Skip to content
Supply chainContained

Leak at Le Point

On 18 November 2024, French news magazine Le Point disclosed a breach traced to a compromised subscriber-management subcontractor, exposing the names, postal/email addresses and phone numbers of an estimated 900,000 current and former readers.

Victim
Le Point

On 18 November 2024, Le Point — a major French weekly news magazine — confirmed it had been the victim of a personal-data theft affecting its readers, the latest in a string of attacks on French media outlets including La Croix and Libération.

The breach did not originate in Le Point's own systems but in a subcontractor that operated its subscriber-relationship management (CRM) tool. Security analysts assessed that the provider was most likely compromised through a software vulnerability or via social engineering against an employee account, allowing the attacker to extract the customer database. A seller had advertised the data on a criminal forum on 13 November, posting a sample as proof and offering the full set for roughly €350.

Exposed data categories included:

  • Full names
  • Email addresses
  • Phone numbers
  • Postal addresses
  • Dates of birth

The attacker claimed roughly 900,000 current and former subscribers were affected, a figure Le Point did not formally confirm. Banking details and account passwords were reportedly not part of the leak. Le Point notified France's data-protection regulator (CNIL), filed a complaint with the Paris prosecutor's office, and set up a dedicated hotline, while urging readers to stay alert to phishing and to consult cybermalveillance.gouv.fr.

Sources

  1. lepoint.frhttps://www.lepoint.fr/high-tech-internet/apres-la-croix-et-liberation-le-point-victime-d-un-vol-de-donnees-personnelles-18-11-2024-2575566_47.php
  2. clubic.comhttps://www.clubic.com/actualite-544085-cyberattaque-le-point-comment-le-media-a-pu-etre-frappe-par-les-hackers-avec-de-nombreuses-donnees-derobees.html
  3. mac4ever.comhttps://www.mac4ever.com/divers/185395-l-hebdomadaire-le-point-victime-a-son-tour-d-un-important-vol-de-donnees

Related incidents

Supply chainContained

Leak at Crunchyroll

On 24 March 2026, anime streaming service Crunchyroll confirmed a data breach traced to a compromised third-party support vendor (Telus), exposing customer support-ticket data — names, emails, IP addresses and partial payment-card details — with a hacker claiming ~8M ticket records and ~6.8M unique email addresses.

Victim
Crunchyroll
Supply chainOngoing

Leak at PornHub

On 16 December 2025, adult-content platform Pornhub disclosed that historical analytics data on select Premium users — including email addresses and search/viewing history — was stolen via third-party provider Mixpanel; ShinyHunters claimed ~200 million records and demanded a ransom.

Victim
PornHub
Supply chainContained

Leak at Cyberhaven

On 25 Dec 2024, data-security firm Cyberhaven's Chrome extension was hijacked via a phishing attack and pushed a malicious update that exfiltrated cookies and session tokens from roughly 400,000 users over a 24-hour window.

Victim
Cyberhaven
Supply chainContained

Leak at Cybertek

On 12 September 2024, French computer-hardware retailer Cybertek disclosed a customer data breach stemming from a compromised shared IT provider, exposing names, email and postal addresses and phone numbers; passwords and payment data were not affected.

Victim
Cybertek