Sejourneur.com: 53,000 bookings and thousands of invoices in a data leak
On 26 April 2026, a threat actor known as ChimeraZ published online the database of Sejourneur.com, a French seasonal-rental management platform, exposing around 53,000 bookings, over 7,000 PDF invoices and personal data on more than 46,000 people.
- Victim
- Sejourneur.com
- records
- 53.0K
On 26 April 2026, Sejourneur.com — a French platform specialising in the management of stays and seasonal rentals — saw its database published online by a threat actor operating under the name ChimeraZ. The leak surfaced as part of a wider campaign by the same actor against French travel and accommodation operators.
The exposed dataset, distributed in JSON and PDF formats and weighing roughly 280 MB, contained around 53,000 reservation records and more than 7,000 invoices in PDF form, affecting over 46,000 individuals. The precise origin of the extraction and the technical circumstances of the breach have not been established.
Exposed data categories included:
- Customer names, email addresses and phone numbers
- Cities of origin
- Property names and arrival/departure dates
- Guest counts and pricing details
- Transaction amounts and amounts paid out to property owners
- Internal reservation IDs
The combination of traveller contact details, stay details and financial records creates a high risk of targeted phishing, refund and booking scams, and fraud aimed at both travellers and property owners. As of disclosure, the leaked database remained publicly circulated, and no public statement from the company on its response or victim notification had been reported.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/sejourneur-com-53-000-reservations-milliers-factures-fuite-de-donnees/
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-04-26-sejourneur