Skip to content
Data breachUnknown

126,998 Reseau.site customers affected by a data leak

On 29 January 2026, a full database dump from Reseau.site — a French SaaS platform for merchants and craftspeople — exposed 126,998 customer records, including names, contact details, hashed passwords, bank card numbers and IBANs.

Victim
Reseau.site
records
127.0K

On 29 January 2026, Reseau.site — a French SaaS management platform used by local merchants and craftspeople — was hit by a data leak when a complete dump of its database surfaced. The exposed dataset combined CRM, e-commerce and marketing records and affected 126,998 unique customer profiles.

The leaked data was unusually granular, spanning personal, financial and technical information as well as security credentials:

  • Identity and contact data: names, titles/gender, internal identifiers (customer, merchant and accountant IDs), 67,908 email addresses, 52,959 mobile numbers and 76,306 landline numbers
  • Financial data: 5,549 full payment card numbers, 126 IBANs, 10,044 BIC codes, plus transaction details (invoice descriptions, revenue and pre-tax amounts)
  • Credentials: 72,246 passwords hashed with the obsolete MD5 algorithm, 1,165 BCrypt hashes and active access tokens
  • Business and technical data: SIRET/SIREN, VAT and NAF identifiers, full postal addresses with GPS coordinates, IP addresses, and PrestaShop/WordPress credentials

The exposure of full card numbers, IBANs and weakly hashed (MD5) passwords makes the affected merchants and their own customers vulnerable to fraud and credential-stuffing attacks. The leak was reported via the French breach tracker fuitesinfos.fr and flagged publicly by security researchers; no detailed remediation statement from Reseau.site had been confirmed at the time of reporting, and the status of the incident remains unknown.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-29-reseau-site
  2. x.comhttps://x.com/Ced_haurus/status/2016670827375112677

Related incidents