THREATNOIR
Subscribe
Back to Feed
BreachesJun 3, 2026

Threat Actor Claims to Sell a Carvivo Automotive Lead Database Affecting Millions in France

Threat actor DumpsecV2 claims to sell 14M automotive leads from French SaaS platform Carvivo.

Read at source

Summary

A threat actor using the alias DumpsecV2 claims to be selling a database stolen from Carvivo, a French SaaS provider managing automotive sales leads for car dealerships across Europe. The alleged dataset contains ~14 million people records, 3.2 million email addresses, 5+ million vehicle plate numbers, and associated contact details, offered for EUR 5,000. If genuine, the exposed data would be valuable for spam, phishing, and vehicle-related fraud.

Full text

Data14M+ leads PriceEUR 5,000 CountryFrance ActorDumpsecV2 ▣Post details TargetCarvivo (Carvivo Contact, automotive lead SaaS) CountryFrance SectorAutomotive SaaS / Lead Management ClaimLead database offered for sale Data~14M people; 3.2M emails; 5M plates ObservedJun 3, 2026 PriceEUR 5,000 ActorDumpsecV2 (Dumpsec) !Allegedly exposed ~14M people across two files (claimed) 3.2M unique email addresses 5M+ vehicle plate numbers Contact / prospect names Phone numbers (primary & secondary) Vehicle make, model, mileage & price Registration & VIN data Dealership / sales-outlet assignment Lead notes & enquiry details Opt-in / marketing status ␱Screenshot Screenshot 1 Redacted preview ⚠Potential impact If genuine, a dataset spanning millions of automotive leads, names, emails, phone numbers, vehicle registration and plate data, and dealer notes, would be highly valuable for spam, phishing, and vehicle-related fraud. The seller explicitly markets the emails for spam and the plate numbers for fraudulent reuse, and plate-to-owner linkage is especially sensitive. As with any large for-sale listing, the figures may be inflated or partly recycled from earlier data. iStatus Unverified Sample files, proof galleries, and a sale price were posted to an underground forum, with a Session contact for buyers; the sample links, galleries, contact identifiers, and the personal records shown in the post are not reproduced here. The claim has not been independently confirmed and Carvivo has not publicly addressed it. Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots, check out the threat feed or ransomware feed. View pricing → DARK WEB INFORMER - THREAT INTELLIGENCE

Indicators of Compromise

  • malware — Carvivo Contact database

Entities

Carvivo (vendor)Carvivo Contact (product)DumpsecV2 (threat_actor)SaaS (technology)