French IT Firm Réseau.site Suffers Data Breach as Hacker Publishes User Records

On January 28, a bad actor by the name “Sorb” published details of an attack on BreachForums.

The target? Reseau.site, a French IT services network. Sorb is alleged to have hijacked the whole MySQL database of the network, 184 megabytes spread over 159 CSV files.

What Was Stolen from Réseau

The compromised data is extensive. Sorb claims the dataset contains over 24,000 unique email addresses, more than 65,000 phone numbers, and over 29,000 mobile numbers. But it doesn’t stop at contact information.

The breach allegedly includes users’ full names, physical addresses, and password credentials. While a few passwords had protection with bcrypt hashing, others maintained MD5. According to security experts, MD5 cryptographically is wrecked and no longer ideal for keeping passwords safe.

“Using out-of-date hashing algorithms like MD5 shows possible security oversights that smart attackers can grasp,” cybersecurity experts warn. This removes the stress hackers face when decoding those passwords.

Sorb took steps to prove the breach was real. The attacker sent verification samples to another forum user and posted a public sample of the database. The complete dataset was made available through a file-sharing link. This means anyone with the link can now access this stolen information.

Reseau.site has not issued any public statement about the breach. It remains unclear whether affected users have been notified at all, a stark contrast to the swift law enforcement response seen in other recent cases, such as the attack on the Interior Ministry.

45 Million Records Found Exposed

Just weeks earlier, researchers discovered something even larger. The Cybernews research team found an unprotected cloud server in mid-January containing over 45 million French records.

This wasn’t a typical corporate misconfiguration. Researchers believe a data broker or criminal collector deliberately compiled this database. They merged stolen datasets from multiple breaches to increase resale value.

The exposed repository contained diverse information. There were over 23 million entries resembling voter or demographic registry data with full names, addresses, and birthdates. Approximately 9.2 million healthcare professional records mirrored France’s official RPPS/ADELI registries. Roughly 6 million financial profiles contained IBANs and BICs tied to French banks.

The database was hosted on a French cloud server. After Cybernews contacted the hosting company, the repository’s owner secured the data by taking it offline. But the damage may already be done.

France Under Siege

The above examples are only part of an increasing number of attack types. In December, one hacker compromised the French government’s Ministry of the Interior’s computing systems, leading to the arrest of those responsible. This was followed in November by the breach of Dutch firm Eurofiber, which exposed French customer data on the darknet.

In November, Eurofiber came under attack with a compromise of its internal ticket management system. Two more organizations were also attacked in France during the last few days of 2025.

Due to the fact that these groups are acquiring different types of data, such as demographic, healthcare, and financial data about everyone, cyber attackers will be able to put together a more complete digital image of each of their victims using this data.

Once they have done that, they will be able to use that information to execute targeted phishing attempts against their victims, commit financial fraud against their victims, and conduct large-scale social engineering campaigns against potential victims.

If you belong to an organization impacted by these data breaches, you must take action immediately. You should change the passwords for both your reseau site account and any other websites where you used that same password.