Nuhanciam: over 156,000 customers exposed in a leak targeting the cosmetics brand
In May 2026, a database attributed to French dermo-cosmetics brand Nuhanciam surfaced on a cybercrime forum, exposing more than 156,000 customer records including names, emails, dates of birth, postal addresses, phone numbers and hashed passwords.
- Victim
- Nuhanciam
- records
- 156.0K
On 12 May 2026, Nuhanciam β a French dermo-cosmetics brand specializing in skincare for pigmented and darker skin tones β was named in a data leak after a database attributed to its e-commerce site began circulating on a cybercrime forum. The seller advertised more than 156,000 customer records belonging to French users.
The compromise appears to stem from a direct extraction of the merchant site's database, likely through a CMS compromise or stolen administrator access rather than a ransomware deployment. The dataset reflects the structure of an online store, including order confirmations, password-reset records and loyalty-program data.
The exposed records reportedly include:
- Full names
- Email addresses
- Dates of birth
- Postal addresses, cities and postal codes
- Phone numbers
- Hashed (encrypted) passwords
- Order history and billing details
- Newsletter and loyalty-program information
At the time of reporting, Nuhanciam had not publicly confirmed the incident, and the exact origin and full authenticity of the database remained unverified. With the data circulating openly, affected customers face an elevated risk of targeted phishing and account-takeover attempts where passwords were reused across services. Status remains unknown pending any official acknowledgment or regulatory disclosure.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/nuhanciam-plus-de-156-000-clients-exposes-dans-une-fuite-visant-la-marque-de-cosmetiques/
- zataz.comhttps://www.zataz.com/le-site-nuhanciam-pirate/