Skip to content

French Legal Platform Litige France Allegedly Breached, Nearly 595,000 Users' Data Exposed Through Access-Control Flaws

Breach Report France flagFrance Legal Services Active Vulnerability

French Legal Platform Litige.fr Allegedly Breached, Nearly 595,000 Users' Data Exposed Through Access-Control Flaws

Two threat actors using the aliases misere and ChimeraZ claim to have breached Litige.fr, a French online legal-services and debt-recovery platform, and are leaking data they say covers 595,024 users. According to the post, the records were pulled through unauthenticated access-control flaws that returned user data without any login, and include names, emails, IP and postal addresses, dates and places of birth, nationality, profession, phone numbers, and business and legal-case details. One actor disputes an earlier claim of 2 million users. The actors also describe account-takeover and staff-dashboard access, suggesting the underlying weaknesses may still be exploitable. The claim is unverified.

Users595,024
TypeLegal / PII
CountryFrance flagFrance
Actorsmisere & ChimeraZ

Post details

TargetLitige.fr
CountryFrance flagFrance
SectorLegal services / Debt recovery
Claim595,024 users breached
DataNames, contact, IPs, legal/business info
VectorUnauthenticated access-control flaws
Observed
Actorsmisere & ChimeraZ

!Allegedly included

  • 595,024 user records
  • Names & emails
  • Phone numbers
  • Postal & IP addresses
  • Dates & places of birth
  • Nationality & profession
  • Business & company details
  • Legal-case information

Screenshot

Potential impact

Exposing nearly 595,000 people's identities, contact details, IP and postal addresses, and legal-case information is severe on its own, and it is compounded by the platform's debt-recovery and litigation context, where the data can reveal individuals' disputes, adversaries, and claimed amounts. The actors describe not only data exposure but account takeover and access to a staff dashboard tied to payment processing and enterprise clients, which would mean the compromise is potentially ongoing rather than a one-time leak. Affected users and businesses face heightened risks of fraud, impersonation, and targeting. The claim is unverified.

iStatus

Unverified

This is a data-leak post with the download gated behind forum points; it also includes a detailed description of the access-control weaknesses used. Operators should treat this as a possible active exposure, review unauthenticated access to user and document endpoints, and rotate affected credentials. The claim is unverified and Litige.fr has not publicly addressed it.

Want everything on this breach? Paid subscribers get the full claim details and more. Check out the threat feed, then after subscribing, search there for this alert. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Latest