Skip to content
Support
Sign In Subscribe
Data Breaches

Alleged Breach of Airsoft-Entrepot Exposes 333K Customer Records, Orders, Invoices, and B2B Data From French Retailer Spanning 2013 to 2026

 and  Dark Web Informer
10 min read
Dark Web Informer - Cyber Threat Intelligence

Alleged Breach of Airsoft-Entrepot Exposes 333K Customer Records, Orders, Invoices, and B2B Data From French Retailer Spanning 2013 to 2026

March 23, 2026 - 4:03:43 AM UTC
France
Retail / E-Commerce
Standalone API Access Now Available High-volume threat-intelligence data, automated ingestion endpoints, ransomware feeds, IOC data, and more.
View API
Unlock Exclusive Cyber Threat Intelligence
Powered by DarkWebInformer.com
Stay ahead of cyber threats with real-time breach tracking, expert analysis, and high quality evidence - built for security professionals, researchers, journalists, and everyday people who take their privacy seriously.
Subscribe Now

Quick Facts

Date & Time 2026-03-23 04:03:43 UTC
Threat Actor HexDex
Victim Airsoft-Entrepot
Industry Retail / E-Commerce
Category Data Breach
Unique Customers 383K
Unique Emails 328K
Unique Phones 243K
Data Range 2013 - 2026
Files 10+
Price Make Offer
Country France

Incident Overview

A threat actor going by HexDex claims to be selling multiple databases from Airsoft-Entrepot, a French online retailer specializing in airsoft equipment, replicas, gear, and accessories. The company is known for competitive pricing, fast shipping, and a strong presence in the airsoft community. The listing covers data spanning from 2013 to 2026 across more than 10 separate database files.


The actor is offering customer, order, invoice, supplier, delivery, accounting, and B2B order databases along with warehouse and inventory data. From the customer file alone, the actor provided the following breakdown:

  • Unique Addresses: 333K full address records.
  • Unique Customers: 383K individual customer profiles.
  • Unique Phone Numbers: 243K phone numbers.
  • Unique Emails: 328K email addresses.

The breadth of the data goes well beyond just customer PII. The inclusion of supplier databases, B2B order records, accounting data, and warehouse inventory means this breach exposes the company's full operational backend: who they buy from, what they sell, what they stock, their financial records, and their entire customer and delivery history over 13 years. The actor provided proof links, sample data from the customer file, and a 1K line sample across all files. Pricing is by offer, with contact available via qTox or Session messaging.

Compromised Data Categories

Customer Records Full Addresses Email Addresses Phone Numbers Order History Invoice Data Supplier Information Delivery Records Accounting Data B2B Order Records Warehouse / Inventory Data

Image Preview

Forum post by HexDex selling Airsoft-Entrepot customer, order, invoice, supplier, and B2B databases with sample data and record counts Additional database file details and 1K line sample from Airsoft-Entrepot breach listing with pricing and contact information

Claim URL

Subscriber Access Required The original listing URL and unredacted claim images are available on the Threat Feed and Ransomware Feed for paid subscribers.
Subscribe
Subscriber Access View the original listing URL and unredacted claim images on the feeds below.
Threat Feed Ransomware Feed

MITRE ATT&CK Mapping

T1190 Exploit Public-Facing Application
Targets vulnerabilities in the retailer's ecommerce platform to gain unauthorized access to backend databases containing customer, order, and business data.
T1213 Data from Information Repositories
Extracts structured data from ecommerce application databases, pulling customer profiles, order histories, invoices, supplier records, and accounting data across 10+ files.
T1005 Data from Local System
Collects data directly from the compromised system, extracting full database exports including warehouse inventory, delivery records, and B2B transaction history.
T1589.002 Gather Victim Identity: Email Addresses
Harvests 328K unique email addresses, 243K phone numbers, and 333K physical addresses from the customer database for resale and potential targeted attacks.
T1530 Data from Cloud Storage
Accesses cloud-hosted ecommerce databases and storage systems containing 13 years of operational data including supplier relationships and financial records.
T1567 Exfiltration Over Web Service
Uses web forums and encrypted messaging (qTox, Session) to advertise, distribute samples, and negotiate sales of the stolen retail databases.

Dark Web Informer © 2026 | Cyber Threat Intelligence
DarkWebInformer.com

Related

Latest