Intersport Rent: 1.2 million Records Allegedly Leaked

Claim Summary

An actor using the alias “placenta” has posted on a dark web forum, allegedly leaking a database from the French online ski and snowboard rental service, Intersport Rent. The post, dated March 11, 2026, claims the data originates from a breach that occurred in March 2025. The actor states the leak contains over 1.2 million order records, which reportedly correspond to approximately 476,346 unique customer entries. A file hash and size details are provided.

What Is Allegedly Exposed

According to the unverified post, the compromised database purportedly contains customer information from Intersport Rent. The claimed data types include:

• Names
• Email addresses
• Phone numbers
• Genders
• Loyalty program numbers
• Purchase/order history

The threat actor specifies that the data is contained within a compressed file and provides an MD5 hash (F58105610CBBC1692C6378916F2B3FA6) for verification. They state the uncompressed data is approximately 208 MB.

Threat Actor Profile

The post author operates under the single alias “placenta.” There is no immediate indication of a known reputation or history associated with this moniker, which is a potential red flag. The actor claims personal responsibility for the breach, stating they were the one who “breached” the company. The lack of an established track record makes it difficult to assess the credibility of these claims independently.

Potential Impact

If the claims are valid, the exposure of this type of data could pose significant risks. The combination of names, contact details, and detailed purchase history could facilitate targeted phishing and smishing campaigns, as attackers could craft highly personalized messages referencing specific rental orders. Loyalty numbers could be targeted for account takeover attempts or fraud. Furthermore, the aggregation of this personal and behavioral data could increase the risk of identity theft or be used for credential stuffing attacks against customers who reuse passwords.

What to Watch For

• Verification of Claims: The provided MD5 hash could be used by security researchers to identify this specific dataset if it appears elsewhere. Monitoring for this hash or references to “Intersport Rent” in other breach repositories is advised.
• Corroborating Evidence: Watch for any public statement from Intersport Rent regarding a potential incident, or for customers reporting targeted phishing attempts referencing ski rental details.
• Actor Activity: Note if the alias “placenta” becomes associated with other data leaks, which could indicate a pattern or establish a reputation.
• Data Circulation: Observe if the dataset is mentioned or traded on other criminal platforms, which could confirm its existence and increase its dissemination.

Disclaimer

This report details unverified allegations from a dark web forum. The claims of a data breach at Intersport Rent and the extent of the exposed data have NOT been independently confirmed by Yazoul Security. The provided details, including the file hash and data counts, are solely from the threat actor’s post. The actor’s unknown reputation and the lack of publicly available proof samples necessitate a high degree of skepticism. Organizations and individuals should treat this as unconfirmed threat intelligence until corroborated by official sources or further evidence.