Leboncoin Immobilier Data Leak: 4M French Property Listings Exposed
Threat actor claims to leak 4M French real estate listings, including 1.1M phone numbers.
Summary
A threat actor named ChimeraZ claims to have leaked a dataset of approximately 4 million real estate listings aggregated from 13 French property portals, including Leboncoin, SeLoger, and PAP. The leaked data reportedly includes over 1.1 million phone numbers, seller names, property details, and listing URLs. While much of the data is publicly available, the aggregation of phone numbers and seller information could facilitate targeted scams.
Full text
Data4M+ listings Price4 forum points CountryFrance ActorChimeraZ ▣Post details TargetLeboncoin Immobilier (aggregated real-estate listings) CountryFrance SectorReal Estate / Classifieds ClaimAggregated listing dataset leaked (source teased) Data~4M listings (13 portals); 1.1M phone numbers ObservedJun 8, 2026 Price4 forum points (paywall) ActorChimeraZ !Allegedly exposed ~4M property listings (claimed) 1.1M+ phone numbers Seller / lister names Listing prices & property details Postal codes & listing locations Ad URLs & references Data from 13 French property portals Listing photo / media links ◱Screenshot Screenshot 1 Redacted preview ⚠Potential impact If genuine, an aggregated set of 4 million listings with around 1.1 million phone numbers, seller names, property values, and locations would be a strong resource for spam, vishing, and property-related scams targeting both sellers and buyers across France. Much of the listing content is public ad data, but the bulk phone-and-name aggregation is the sensitive part. Because the actor frames the source as an upstream third party, the true compromised entity may differ from the portals named, and the figures are unconfirmed. iStatus Unverified A data sample and per-site line counts were posted to an underground forum, with downloads behind a small points paywall; the sample records, seller contact details, and download links are not reproduced here. The actor teased that the source of the compromise would be revealed later. The claim has not been independently confirmed, and the named portals have not addressed it. Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing → DARK WEB INFORMER - THREAT INTELLIGENCE