Skip to content
Data breachUnknown

47,561 subscribers - claimed data leak at Philharmonie de Paris

On 6 January 2026, a database from the Philharmonie de Paris's 'Philharmonie à la Demande' (PAD) music platform was published online, exposing 47,561 accounts — names, email addresses, logins and professional profiles — in a leak claimed by an actor known as HexDex2.

Victim
Philharmonie de Paris (PAD)
records
47.6K
SectorMedia

On 6 January 2026, the Philharmonie de Paris — France's flagship concert hall and cultural institution at the Cité de la Musique — saw a database from its "Philharmonie à la Demande" (PAD) online music service published on a leak forum. The exfiltration is believed to have taken place around 25 December 2025, and the dataset was posted publicly on 6 January by an actor using the handle HexDex2.

PAD is a digital music resource and streaming platform used through partner libraries and médiathèques across France, with an audience that includes teachers, students, and librarians. The leaked file contained 47,561 unique accounts spanning users in cities such as Paris, Marseille, Lyon, Lorient, and across Calvados.

Exposed data categories reported include:

  • Names and surnames
  • Email addresses
  • Login identifiers
  • Professional profiles (e.g. teacher, student, librarian)
  • Account creation and last-login dates
  • In some cases, an associated partner site (e.g. CIMU)

The combination of identity, contact details, and professional status creates a credible targeted phishing risk, since attackers can reference a victim's city or role to craft convincing fraudulent messages. As of the disclosure, the institution had not published a detailed public statement, and the response status remains unconfirmed.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-06-philharmonie-de-paris-pad
  2. x.comhttps://x.com/justabreach/status/2008595068249096348
  3. presse83.frhttps://presse83.fr/2026/01/11/fuites-massives-de-donnees-en-france-debut-2026/

Related incidents

Data breachContained

Acrimed: online shop hit by a cyberattack

On 29 April 2026, French media-criticism association Acrimed disclosed a cyberattack on its online shop that exposed customers' email addresses, encrypted passwords and order history; names, postal addresses, phone numbers and banking details were said to be unaffected.

Victim
Acrimed