A threat actor has allegedly put administrative access to the website of “Come to Paris” up for sale on a clandestine forum. Come to Paris is a prominent online travel agency that provides booking services for a wide range of Parisian attractions, including museums, monuments, cruises, and shows, making it a key platform for tourists visiting the French capital. The asking price for exclusive access to the company’s backend systems is listed at $1,000.
The seller provided screenshots as proof of access, which appear to show a live administrative panel. One image reveals a customer database allegedly containing over 400,000 individual client records. The compromised information could be highly sensitive, potentially exposing a significant number of international and local tourists to risks such as identity theft and targeted phishing campaigns. This incident highlights the critical need for robust security measures, especially for companies handling large volumes of personal and travel-related data.
Based on the evidence shared by the threat actor, the following customer information is allegedly accessible:
- Full Name
- E-mail Address
- Telephone Number
- Language
- Company / Association
- Full Address (Street, Country, Postal Code, City)
