Leboncoin encountered a technical incident which resulted in the distribution of personal information of certain users. Sellers were thus able to access buyer data, such as their email address and telephone number.
In recent weeks, hacks have come one after another, to the point that we are now asking ourselves “But who will be next?” After the cyberattacks against Social Security, France Travail, LDLC and even the CAF, phenomenal quantities of Internet users’ personal data are now found on the Dark Web. As revealed The Informed, it is now the turn of the Leboncoin site to experience the turmoil. The resale platform announced that it had been the victim of a “technical incident”. “Due to this incident, personal data of certain buyers (…) was displayed in the notification email received by the sellers following an initial exchange in the messaging system”she conceded.
Leboncoin data leak: who is affected?
Leboncoin revealed the existence of this incident after several sellers on the platform reported the problem on X (formerly Twitter). Thus, for at least two days, on March 16 and 17, sellers had the unpleasant surprise of finding that by opening the platform’s internal messaging system, they could see the name, first name, email address and telephone number of the sellers. people who contacted them about an item for sale. Information that is normally supposed to be hidden. Also, if you purchased a property on Leboncoin during this period of time, it is possible that your personal data was communicated to the sellers with whom you exchanged. The problem is now resolved.
Leboncoin wants to be reassuring. “It is important to note that the data of these buyers could only be consulted by the seller with whom they were in direct conversation. No third party had access to these elements”, specifies the platform. Other sensitive data such as passwords or banking information have fortunately not been revealed. The leak, which lasted two days, is therefore ultimately relatively minimal, even if this information can still be used by malicious people.
In accordance with the general regulation on the protection of personal data (GDPR), Leboncoin informed the National Commission for Information Technology and Liberties (CNIL) of this incident. According to the law, the platform is required to notify the persons concerned as quickly as possible when a data leak may cause “a high risk for rights and freedoms” of the latter. In this specific case, it is unclear whether this rule applies or not. Likewise, Leboncoin did not communicate on the extent of the leak. We therefore do not know how many people are affected.