616 contributors affected by the Paris à cœur ouvert data leak
On 9 January 2026, the campaign website of Paris mayoral candidate Sarah Knafo (Reconquête) publicly exposed the personal data of hundreds of contributors to its 'Paris à cœur ouvert' forum, including names, emails, phone numbers and IP addresses, even for people who had asked to stay anonymous.
- Victim
- Paris à cœur ouvert (Sarah Knafo's site)
On 9 January 2026, Paris à cœur ouvert — the campaign website launched the day before by Paris mayoral candidate Sarah Knafo (Reconquête) — was found to be publicly exposing the personal data of contributors to its participation forum, where Parisians could submit proposals for the city.
The forum, which was meant to collect citizen contributions, made the underlying records freely accessible. Cybersecurity researcher SaxX flagged the flaw publicly, noting that the information of several hundred contributors was openly readable — including for users who had explicitly requested anonymity.
The exposed data covered:
- Names
- Email addresses (458 unique addresses recorded)
- Phone numbers (187 recorded)
- IP addresses (437 recorded)
Reporting put the number of affected contributors at roughly 600 (607 in news coverage; the tracker entry lists 616). Following the public disclosure, the campaign deleted all forum contributions and Sarah Knafo stated that the error had been "corrected," indicating the exposure was closed shortly after it came to light.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-09-paris-a-c-ur-ouvert-site-sarah-knafo
- franceinfo.frhttps://www.franceinfo.fr/elections/municipales/municipales-a-paris-les-informations-personnelles-de-centaines-de-contributeurs-au-site-de-campagne-de-sarah-knafo-exposees-publiquement_7730650.html
- presse-citron.nethttps://www.presse-citron.net/municipales-le-site-internet-de-la-candidate-sarah-knafo-expose-toutes-les-donnees-personnelles-de-futurs-electeurs/
- davfi.frhttps://davfi.fr/site-de-campagne-de-sarah-knafo-un-demarrage-sous-le-signe-des-failles-de-securite/