Skip to content
Support
Sign In Subscribe
Data Breaches

Global Dining Event Diner en Blanc Breached, 411K Guest Records With Event Details and Invite Codes Listed for Sale

 and  Dark Web Informer
9 min read
Dark Web Informer - Cyber Threat Intelligence

Global Dining Event Diner en Blanc Breached, 411K Guest Records With Event Details and Invite Codes Listed for Sale

April 17, 2026 - 10:01:01 PM UTC
Canada
Events / Hospitality
Standalone API Access Now Available High-volume threat-intelligence data, automated ingestion endpoints, ransomware feeds, IOC data, and more.
View API
Unlock Exclusive Cyber Threat Intelligence
Powered by DarkWebInformer.com
Stay ahead of cyber threats with real-time breach tracking, expert analysis, and high quality evidence - built for security professionals, researchers, journalists, and everyday people who take their privacy seriously.
Subscribe Now

Quick Facts

Date & Time 2026-04-17 22:01:01 UTC
Threat Actor 888
Victim Diner en Blanc
Industry Events / Hospitality
Category Data Breach
Total Records 411,000
Scope Global (Six Continents)
Sale Type One-Time Exclusive
Payment XMR (Monero) Only
Price Make Offer
Network Open Web
Country Canada (Global Events)

Incident Overview

A well-known threat actor going by 888 is selling the database of DinerEnBlanc.com, the platform behind the internationally recognized Diner en Blanc pop-up dining event. Originating in Paris in 1988, Diner en Blanc ("Dinner in White") is a worldwide phenomenon held in over 80 cities across six continents, where thousands of guests dressed in white gather at secret locations for an open-air dinner. The database contains 411,000 unique user records and is being offered as a one-time exclusive sale for Monero only.


The breach exposes two distinct datasets. The primary event management database contains the following fields per record:

  • Personal Identity: IDs, first names, last names, and email addresses.
  • Event Logistics: Phase assignments, role designations, invite codes, transportation method, group assignments, and table numbers. These fields reveal the detailed organizational structure of how each event is planned and managed.
  • Attendance Status: VIF (VIP) status flags, new attendee markers, absent flags, incomplete registration markers, personal invitation status, blacklisted flags, cancelled flags, confirmed flags, confirmation status, and reserved status.
  • Social Connections: Partner IDs linking guests to their dining partners, revealing personal relationship data.

A separate newsletter/mailing list dataset includes email addresses, first names, last names, subscription tags, subscribed/unsubscribed timestamps, and extra attributes.


The value of this data goes beyond typical PII. Diner en Blanc is an invitation-only, culturally exclusive event that attracts affluent, socially connected individuals in major global cities. The guest list effectively functions as a curated directory of high-net-worth and socially prominent individuals across 80+ cities worldwide. The VIF/VIP flags, blacklist status, and invite code structures reveal the internal social hierarchy of the event organization. For social engineers, this is a high-quality targeting list of wealthy individuals with verified social connections, event preferences, and transportation patterns.

Compromised Data Categories

Full Names Email Addresses Invite Codes Event Roles & Phases Transportation Details Table & Group Assignments VIF/VIP Status Blacklist Status Confirmation & Cancellation Status Partner IDs Newsletter Subscriptions & Tags

Image Preview

Forum post by 888 selling Diner en Blanc database with 411K records showing DB logo, compromised data fields, and sample records with event management columns Newsletter mailing list sample with email, name, tags, and subscription timestamps, plus one-time sale notice with XMR payment and Session contact

Claim URL

Subscriber Access Required The original listing URL and unredacted claim images are available on the Threat Feed and Ransomware Feed for paid subscribers.
Subscribe
Subscriber Access View the original listing URL and unredacted claim images on the feeds below.
Threat Feed Ransomware Feed

MITRE ATT&CK Mapping

T1190 Exploit Public-Facing Application
Targets the Diner en Blanc event management platform to access the global guest database containing records from events across six continents.
T1213 Data from Information Repositories
Extracts the complete event management database with 411,000 guest records including personal details, event logistics, VIP status, and partner connections alongside the newsletter mailing list.
T1589.002 Gather Victim Identity: Email Addresses
Harvests 411,000 email addresses with associated names, event roles, and VIP indicators, creating a curated targeting list of affluent individuals across 80+ global cities.
T1567 Exfiltration Over Web Service
Offers the stolen database as a one-time exclusive sale on forums with payment in Monero only, and contact via PM or Session messaging.

Dark Web Informer © 2026 | Cyber Threat Intelligence
DarkWebInformer.com

Related

Latest