Claimed leak at MaSalleDeSport - unspecified volume
On 22 February 2026, a hacker known as "84City" claimed to have breached MaSalleDeSport, a CRM and management provider for 2,000+ French gyms (Basic-Fit, Fitness Park, ON AIR Fitness, L'Orange Bleue), exposing member names, phone numbers, SMS and addresses for a potential 1M+ people.
- Victim
- MaSalleDeSport (Basic-Fit, Fitness Park..)
On 22 February 2026, MaSalleDeSport β a French software vendor supplying CRM, mobile-app and management tools to more than 2,000 gyms β was claimed to have been compromised in a supply-chain attack with downstream impact on several major fitness chains, including Basic-Fit, Fitness Park, ON AIR Fitness and L'Orange Bleue.
A hacker operating under the handle "84City" β already linked to claimed breaches of ON AIR Fitness and Keep Cool β said they had gained access to the provider's back-end and exfiltrated customer data from the gyms it serves. Because the data flowed through a single shared provider, the breach potentially reaches well over 1 million gym members across the affected networks. The attacker also claimed to retain access to sensitive internal interfaces covering customers, billing and franchise data, suggesting a persistent compromise rather than a one-off dump.
According to the claim and the data samples circulated, the exposed information includes:
- Full names (first and last)
- Phone numbers
- SMS / text-message content
- Postal addresses (in some cases)
- Gym-membership and franchise/billing records
As of the disclosure date the breach was a hacker claim backed by published samples; the full volume was not independently confirmed, and the attacker reportedly still held access to the provider's interfaces. The exposure of names, phone numbers and addresses raises a high risk of targeted phishing and identity fraud against affected gym members.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-22-masalledesport-basic-fit-fitness-park
- frenchbreaches.comhttps://frenchbreaches.com/blog/un-hacker-revendique-lacces-aux-donnees-clients-de-basic-fit-fitness-park-on-air-fitness-via-masalledesport
- usine-digitale.frhttps://www.usine-digitale.fr/cybersecurite/fuite-de-donnees-200-000-membres-des-salles-de-sport-basic-fit-concernes-par-un-vol-de-donnees-personnelles-suite-a-un-piratage-informatique.IVSATA4ETVCQNFQKLTROHBDIEY.html