France
Legal Services
Active Vulnerability
French Legal Platform Litige.fr Allegedly Breached, Nearly 595,000 Users' Data Exposed Through Access-Control Flaws
Two threat actors using the aliases misere and ChimeraZ claim to have breached Litige.fr, a French online legal-services and debt-recovery platform, and are leaking data they say covers 595,024 users. According to the post, the records were pulled through unauthenticated access-control flaws that returned user data without any login, and include names, emails, IP and postal addresses, dates and places of birth, nationality, profession, phone numbers, and business and legal-case details. One actor disputes an earlier claim of 2 million users. The actors also describe account-takeover and staff-dashboard access, suggesting the underlying weaknesses may still be exploitable. The claim is unverified.
France▣Post details
France!Allegedly included
- 595,024 user records
- Names & emails
- Phone numbers
- Postal & IP addresses
- Dates & places of birth
- Nationality & profession
- Business & company details
- Legal-case information
◱Screenshot
⚠Potential impact
Exposing nearly 595,000 people's identities, contact details, IP and postal addresses, and legal-case information is severe on its own, and it is compounded by the platform's debt-recovery and litigation context, where the data can reveal individuals' disputes, adversaries, and claimed amounts. The actors describe not only data exposure but account takeover and access to a staff dashboard tied to payment processing and enterprise clients, which would mean the compromise is potentially ongoing rather than a one-time leak. Affected users and businesses face heightened risks of fraud, impersonation, and targeting. The claim is unverified.
iStatus
UnverifiedThis is a data-leak post with the download gated behind forum points; it also includes a detailed description of the access-control weaknesses used. Operators should treat this as a possible active exposure, review unauthenticated access to user and document endpoints, and rotate affected credentials. The claim is unverified and Litige.fr has not publicly addressed it.
DARK WEB INFORMER - THREAT INTELLIGENCE