A significant data breach has allegedly struck FranceCasse.fr, a prominent online platform in France that connects individuals with a vast network of auto salvage yards to find used car parts. According to a post on a dark web forum, a threat actor is selling what they claim to be the company’s complete database, source code, and other internal data from 2025. This incident could potentially expose the sensitive information of over half a million customers.
FranceCasse.fr serves as a crucial intermediary for motorists seeking affordable, recycled auto parts, boasting a network of 250 approved End-of-Life Vehicle (ELV) centers. The alleged breach compromises the very customers who turn to the service for cost-effective vehicle maintenance. The seller on the forum claims the leaked data amounts to 62 GB and is contained within a .sql file with over 20 tables. The sale is reportedly limited to ten buyers, increasing the risk of the data being used for malicious purposes such as phishing, identity theft, and other fraudulent activities.
The threat actor has listed several data categories included in the alleged breach, providing a glimpse into the extent of the compromised information. The leaked data purportedly includes:
- Customer Information: Full names, email addresses, hashed passwords, physical addresses, phone numbers, and IP addresses.
- Company and Transactional Data: Details on products, payment information, and internal company data.
- Technical Assets: The complete source code of the FranceCasse.fr website.
