Woop: more than 256,000 users exposed with contact details and banking data
On 13 May 2026, a database of 256,319 records attributed to French last-mile delivery platform Woop (woopit.fr) was put up for sale on a cybercriminal forum, exposing names, postal addresses, phone numbers, email addresses, birth dates and banking details.
- Victim
- Woop
- records
- 256.3K
On 13 May 2026, Woop β a French last-mile delivery orchestration platform (woopit.fr) that connects retailers and e-commerce brands with carriers to manage home delivery, click-and-collect and shipment tracking β was named in a listing on a cybercriminal forum offering a database attributed to the company for sale.
The seller advertised 256,319 records and released a sample to demonstrate authenticity, asking roughly $250 for the full dataset. According to the data categories described in the listing, the exposed records combined personal contact information with delivery and financial details.
Exposed data reportedly included:
- Full names and company names
- Postal addresses, phone numbers and email addresses
- Dates of birth
- Banking data and account numbers
- Internal identifiers
The combination of personal identity, delivery and banking information makes affected users particularly vulnerable to targeted phishing and fraud, including impersonation of delivery services by SMS or email. As of the disclosure date, the full authenticity of the data and the exact origin of the leak had not been publicly confirmed, and no official statement from Woop was available β the status of the incident therefore remains unknown.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/woop-plus-de-256-000-utilisateurs-exposes-avec-coordonnees-et-donnees-bancaires/