Skip to content
Data breachOngoing

Sejourneur.com: 53,000 bookings and thousands of invoices in a data leak

On 26 April 2026, a threat actor known as ChimeraZ published online the database of Sejourneur.com, a French seasonal-rental management platform, exposing around 53,000 bookings, over 7,000 PDF invoices and personal data on more than 46,000 people.

Victim
Sejourneur.com
records
53.0K

On 26 April 2026, Sejourneur.com — a French platform specialising in the management of stays and seasonal rentals — saw its database published online by a threat actor operating under the name ChimeraZ. The leak surfaced as part of a wider campaign by the same actor against French travel and accommodation operators.

The exposed dataset, distributed in JSON and PDF formats and weighing roughly 280 MB, contained around 53,000 reservation records and more than 7,000 invoices in PDF form, affecting over 46,000 individuals. The precise origin of the extraction and the technical circumstances of the breach have not been established.

Exposed data categories included:

  • Customer names, email addresses and phone numbers
  • Cities of origin
  • Property names and arrival/departure dates
  • Guest counts and pricing details
  • Transaction amounts and amounts paid out to property owners
  • Internal reservation IDs

The combination of traveller contact details, stay details and financial records creates a high risk of targeted phishing, refund and booking scams, and fraud aimed at both travellers and property owners. As of disclosure, the leaked database remained publicly circulated, and no public statement from the company on its response or victim notification had been reported.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/sejourneur-com-53-000-reservations-milliers-factures-fuite-de-donnees/
  2. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-04-26-sejourneur

Related incidents