HexDex Lists Stolen Customer and Operational Data From French Retailers
Threat actor HexDex has claimed breaches at two French e-commerce companies and is offering the allegedly stolen data for sale. One listing targets Airsoft-Entrepot, where the actor says it obtained more than 10 database files covering 2013 to 2026, including roughly 383,000 customer profiles, 328,000 email addresses, 243,000 phone numbers, and 333,000 full address records. The exposed material reportedly goes beyond customer PII to include orders, invoices, supplier data, delivery history, accounting records, B2B orders, and warehouse or inventory information, suggesting compromise of both customer-facing and back-office systems.
A second listing targets Allopneus, a major French online tire retailer, with HexDex claiming to hold data spanning 2014 to 2026 for 453,299 customers across 739,316 records, including 513,089 phone numbers and 453,299 email addresses. The actor reportedly published proof links, sample records, and 1,000-line excerpts for both datasets while soliciting offers through underground channels. If authentic, the disclosures would expose large volumes of customer contact data and purchase-related information, while the Airsoft-Entrepot cache could also reveal sensitive supplier, financial, and logistics details that increase fraud, phishing, and business intelligence risks.
Timeline
Mar 23, 2026
HexDex allegedly breaches Airsoft-Entrepot data spanning 2013–2026
HexDex claimed to be selling multiple stolen databases from French retailer Airsoft-Entrepot, allegedly exposing extensive customer, order, invoice, supplier, delivery, accounting, B2B, and inventory records. The listing said the customer dataset included 383,000 unique customer profiles, 328,000 email addresses, 243,000 phone numbers, and 333,000 full address records.
Mar 23, 2026
HexDex allegedly breaches Allopneus customer data spanning 2014–2026
Threat actor HexDex claimed to have stolen a large dataset from French online tire retailer Allopneus, allegedly containing 453,299 unique customers and 739,316 total records. The exposed data reportedly included customer contact details and likely related delivery, vehicle, and purchase or service history.
Related Stories

French Police Arrest HexDex Over Wave of Data Breaches Across France
French authorities arrested a 20-year-old suspect known online as **HexDex** in western France over a broad hacking campaign that prosecutors say is tied to about 100 breach reports filed since late 2025. Investigators said the suspect admitted using the HexDex alias to claim responsibility for intrusions and to publish or repost stolen data on **BreachForum** and **Darkforum**. Police also seized the suspect’s Darkforum account and computer equipment, while forensic analysis and the wider investigation continue. The alleged victims span public institutions, sports federations, and private organizations across France, including multiple national sports bodies, **Logis Hôtels**, **Brit Hotel**, the **Philharmonie de Paris**, food banks, the **Moselle prefecture**, and **e-campus**, a training platform used by the national police. Prosecutors also linked the case to the French Ministry of National Education’s **Compas** database, where a March breach exposed personal data belonging to about **243,000 employees**, and said the suspect is also under scrutiny over a breach involving a government firearms information system. Authorities said a separate cyberattack on **France Titres** detected on April 15 is not currently being attributed to the suspect.
2 days ago
Dark Web Leak Claims Target Colis Privé and Multiple Online Services
Dark web monitoring reports described **unverified data leak claims** involving several organizations, including French parcel delivery firm **Colis Privé**. One post on **BreachForums** allegedly offered an upload of **22,564,381 records** attributed to Colis Privé, described as `.jsonl` files totaling **~4.1 GB**; no specific threat actor attribution or company confirmation was cited, and the notice characterized the situation as informational while scope is assessed. If authentic, the scale and format of the dataset would materially increase risk of **identity theft, credential stuffing, and targeted phishing** against customers. Separate dark web forum posts also alleged database exposures affecting **JobsGO** (Vietnam recruitment platform), **MyVete** (veterinary management platform), **PIXPAY** (Senegalese payment service), and **Groupe Fondasol** (France-based engineering). The claimed datasets reportedly include **CV/personal records**, and in some cases **API credentials and employee metadata**, with example figures including **~2.3 million records** for JobsGO and **~5.57 million records** for MyVete (verification not indicated). Across the claims, the primary business risk is downstream abuse of exposed personal and operational data for **social engineering, recruitment fraud, and account takeover**, rather than immediate exploitation of a specific software vulnerability.
1 month ago
Customer Data Exposed in LDLC and LuLu Retail Breaches
French retailer **LDLC** disclosed a breach affecting customers of its physical stores after stolen data was advertised for sale on a hacking forum. The exposed dataset reportedly included **1.26 million unique email addresses** along with customers' names, phone numbers, and physical addresses, indicating broad exposure of personally identifiable information tied to retail transactions. Emirati retailer **LuLu** also suffered a customer data breach in which an initial set of about **190,000 email addresses** and linked phone numbers was shared on a hacking forum. The incident escalated when the threat actor later leaked a larger backup from **October 2022**, exposing an additional **2.6 million unique email addresses** as well as names, physical addresses, order data, and **`PBKDF2` password hashes**, significantly increasing the risk of account compromise and follow-on phishing or fraud.
1 month ago