Skip to content
Supply chainOngoing

Claimed leak at MaSalleDeSport - unspecified volume

On 22 February 2026, a hacker known as "84City" claimed to have breached MaSalleDeSport, a CRM and management provider for 2,000+ French gyms (Basic-Fit, Fitness Park, ON AIR Fitness, L'Orange Bleue), exposing member names, phone numbers, SMS and addresses for a potential 1M+ people.

Victim
MaSalleDeSport (Basic-Fit, Fitness Park..)

On 22 February 2026, MaSalleDeSport β€” a French software vendor supplying CRM, mobile-app and management tools to more than 2,000 gyms β€” was claimed to have been compromised in a supply-chain attack with downstream impact on several major fitness chains, including Basic-Fit, Fitness Park, ON AIR Fitness and L'Orange Bleue.

A hacker operating under the handle "84City" β€” already linked to claimed breaches of ON AIR Fitness and Keep Cool β€” said they had gained access to the provider's back-end and exfiltrated customer data from the gyms it serves. Because the data flowed through a single shared provider, the breach potentially reaches well over 1 million gym members across the affected networks. The attacker also claimed to retain access to sensitive internal interfaces covering customers, billing and franchise data, suggesting a persistent compromise rather than a one-off dump.

According to the claim and the data samples circulated, the exposed information includes:

  • Full names (first and last)
  • Phone numbers
  • SMS / text-message content
  • Postal addresses (in some cases)
  • Gym-membership and franchise/billing records

As of the disclosure date the breach was a hacker claim backed by published samples; the full volume was not independently confirmed, and the attacker reportedly still held access to the provider's interfaces. The exposure of names, phone numbers and addresses raises a high risk of targeted phishing and identity fraud against affected gym members.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-22-masalledesport-basic-fit-fitness-park
  2. frenchbreaches.comhttps://frenchbreaches.com/blog/un-hacker-revendique-lacces-aux-donnees-clients-de-basic-fit-fitness-park-on-air-fitness-via-masalledesport
  3. usine-digitale.frhttps://www.usine-digitale.fr/cybersecurite/fuite-de-donnees-200-000-membres-des-salles-de-sport-basic-fit-concernes-par-un-vol-de-donnees-personnelles-suite-a-un-piratage-informatique.IVSATA4ETVCQNFQKLTROHBDIEY.html

Related incidents

Supply chainContained

Leak at Discord

On 4 October 2025 Discord disclosed a breach of a third-party customer-support provider that exposed support-ticket data and roughly 70,000 government-ID photos (submitted for age-verification appeals), plus names, emails, IP addresses and partial billing details.

Victim
Discord
Records
70.0K