Global Dining Event Diner en Blanc Breached, 411K Guest Records With Event Details and Invite Codes Listed for Sale

Summary

A threat actor known as 888 has compromised the database of Diner en Blanc, the global invitation-only dining event platform, exposing 411,000 guest records across six continents. The leaked data includes personally identifiable information, event logistics, VIP/blacklist status, invite codes, transportation details, and partner connections—effectively creating a curated targeting list of high-net-worth individuals. The database is being offered for sale on the dark web for Monero cryptocurrency only.

Full text

Dark Web Informer - Cyber Threat Intelligence Global Dining Event Diner en Blanc Breached, 411K Guest Records With Event Details and Invite Codes Listed for Sale April 17, 2026 - 10:01:01 PM UTC Canada Events / Hospitality Standalone API Access Now Available High-volume threat-intelligence data, automated ingestion endpoints, ransomware feeds, IOC data, and more. View API Unlock Exclusive Cyber Threat Intelligence Powered by DarkWebInformer.com Stay ahead of cyber threats with real-time breach tracking, expert analysis, and high quality evidence - built for security professionals, researchers, journalists, and everyday people who take their privacy seriously. Subscribe Now Quick Facts Date & Time 2026-04-17 22:01:01 UTC Threat Actor 888 Victim Diner en Blanc Industry Events / Hospitality Category Data Breach Total Records 411,000 Scope Global (Six Continents) Sale Type One-Time Exclusive Payment XMR (Monero) Only Price Make Offer Network Open Web Country Canada (Global Events) Incident Overview A well-known threat actor going by 888 is selling the database of DinerEnBlanc.com, the platform behind the internationally recognized Diner en Blanc pop-up dining event. Originating in Paris in 1988, Diner en Blanc ("Dinner in White") is a worldwide phenomenon held in over 80 cities across six continents, where thousands of guests dressed in white gather at secret locations for an open-air dinner. The database contains 411,000 unique user records and is being offered as a one-time exclusive sale for Monero only. The breach exposes two distinct datasets. The primary event management database contains the following fields per record: Personal Identity: IDs, first names, last names, and email addresses. Event Logistics: Phase assignments, role designations, invite codes, transportation method, group assignments, and table numbers. These fields reveal the detailed organizational structure of how each event is planned and managed. Attendance Status: VIF (VIP) status flags, new attendee markers, absent flags, incomplete registration markers, personal invitation status, blacklisted flags, cancelled flags, confirmed flags, confirmation status, and reserved status. Social Connections: Partner IDs linking guests to their dining partners, revealing personal relationship data. A separate newsletter/mailing list dataset includes email addresses, first names, last names, subscription tags, subscribed/unsubscribed timestamps, and extra attributes. The value of this data goes beyond typical PII. Diner en Blanc is an invitation-only, culturally exclusive event that attracts affluent, socially connected individuals in major global cities. The guest list effectively functions as a curated directory of high-net-worth and socially prominent individuals across 80+ cities worldwide. The VIF/VIP flags, blacklist status, and invite code structures reveal the internal social hierarchy of the event organization. For social engineers, this is a high-quality targeting list of wealthy individuals with verified social connections, event preferences, and transportation patterns. Compromised Data Categories Full Names Email Addresses Invite Codes Event Roles & Phases Transportation Details Table & Group Assignments VIF/VIP Status Blacklist Status Confirmation & Cancellation Status Partner IDs Newsletter Subscriptions & Tags Image Preview Claim URL Subscriber Access Required The original listing URL and unredacted claim images are available on the Threat Feed and Ransomware Feed for paid subscribers. Subscribe Subscriber Access View the original listing URL and unredacted claim images on the feeds below. Threat Feed Ransomware Feed MITRE ATT&CK Mapping T1190 Exploit Public-Facing Application Targets the Diner en Blanc event management platform to access the global guest database containing records from events across six continents. T1213 Data from Information Repositories Extracts the complete event management database with 411,000 guest records including personal details, event logistics, VIP status, and partner connections alongside the newsletter mailing list. T1589.002 Gather Victim Identity: Email Addresses Harvests 411,000 email addresses with associated names, event roles, and VIP indicators, creating a curated targeting list of affluent individuals across 80+ global cities. T1567 Exfiltration Over Web Service Offers the stolen database as a one-time exclusive sale on forums with payment in Monero only, and contact via PM or Session messaging. Dark Web Informer © 2026 | Cyber Threat IntelligenceDarkWebInformer.com

Indicators of Compromise

• domain — DinerEnBlanc.com

Entities