Skip to content
Data breachUnknown

Woop: more than 256,000 users exposed with contact details and banking data

On 13 May 2026, a database of 256,319 records attributed to French last-mile delivery platform Woop (woopit.fr) was put up for sale on a cybercriminal forum, exposing names, postal addresses, phone numbers, email addresses, birth dates and banking details.

Victim
Woop
records
256.3K

On 13 May 2026, Woop β€” a French last-mile delivery orchestration platform (woopit.fr) that connects retailers and e-commerce brands with carriers to manage home delivery, click-and-collect and shipment tracking β€” was named in a listing on a cybercriminal forum offering a database attributed to the company for sale.

The seller advertised 256,319 records and released a sample to demonstrate authenticity, asking roughly $250 for the full dataset. According to the data categories described in the listing, the exposed records combined personal contact information with delivery and financial details.

Exposed data reportedly included:

  • Full names and company names
  • Postal addresses, phone numbers and email addresses
  • Dates of birth
  • Banking data and account numbers
  • Internal identifiers

The combination of personal identity, delivery and banking information makes affected users particularly vulnerable to targeted phishing and fraud, including impersonation of delivery services by SMS or email. As of the disclosure date, the full authenticity of the data and the exact origin of the leak had not been publicly confirmed, and no official statement from Woop was available β€” the status of the incident therefore remains unknown.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/woop-plus-de-256-000-utilisateurs-exposes-avec-coordonnees-et-donnees-bancaires/

Related incidents

Data breachOngoing

Leak at Once for all (via Actradis)

On 11 May 2026, Once For All disclosed unauthorized access to its Actradis B2B compliance platform, exposing professional contact data (names, professional emails, phone and contact details); a leaked database circulating since early May reportedly held about 305,000 records.

Victim
Once for all