A threat actor known as Addka72424 has compiled a massive database index containing 52,511,569 verified records from 25 separate French datasets, according to dark web forum postings reported by security researchers.
The threat actor describes France as "currently a very leaky country" and has created what they call a "temporary unofficial index" of leaked French databases. All datasets are claimed to be verified, backed up, and downloadable after unlocking with forum credits.
The Scale of Exposure
| Metric | Value |
|---|---|
| Total records | 52,511,569 |
| Source datasets | 25 |
| Country targeted | France π«π· |
| Industries affected | Multiple |
| Sample data | Available on forum |
| Threat actor | Addka72424 |
| Access method | Forum credits unlock |
Complete Database Index
The following 25 databases comprise the full index:
Government & Public Services (16.6M+ records)
| Source | Records | Year | Description |
|---|---|---|---|
| ANTS | 12,091,914 | 2025 | French National Agency for Secure Documents |
| CAF.fr / Pass'Sport | 6,368,677 | 2025 | French social security & youth sports program |
| Francetravail.fr | 302,313 | 2025 | French government job agency |
| Pajemploi.fr | 689,415 | 2025 | Childminder employment service |
Telecommunications & ISPs (19.7M+ records)
| Source | Records | Year | Description |
|---|---|---|---|
| France.fr ISP | 19,192,947 | 2024 | French Internet Service Provider |
| SFR / OSIRIS | 490,153 | 2024 | French telecom operator |
Employment & Education (3.6M+ records)
| Source | Records | Year | Description |
|---|---|---|---|
| Hellowork | 2,864,136 | 2025 | French job platform |
| Grenoble EM | 448,002 | 2024β2025 | French business school |
| Allegromusique.fr | 161,413 | 2025 | French music education platform |
| Gofluent.com | 89,459 | 2025 | Language learning platform |
Retail & E-Commerce (2.3M+ records)
| Source | Records | Year | Description |
|---|---|---|---|
| Cultura.com | 1,219,263 | 2025 | French cultural retailer |
| Truffaut.com | 277,826 | 2025 | Gardening & home dΓ©cor retailer |
| Cybertek.fr | 241,125 | 2024 | Computer & networking retailer |
| Clin-d'Oeil.fr | 459,861 | 2025 | French optician company |
Sports Federations (3.4M+ records)
| Source | Records | Year | Description |
|---|---|---|---|
| French Sports Federations | 3,277,687 | 2025 | Collection of sports federation breaches |
| Echecs.asso.fr | 113,953 | 2025 | French Chess Federation |
Financial & Professional Services (2.4M+ records)
| Source | Records | Year | Description |
|---|---|---|---|
| Reduction-impots.fr | 1,927,077 | 2025 | French wealth management |
| Clyosystems.com | 147,820 | 2023 | French financial software company |
| Europages French clients | 205,403 | 2025 | Business directory clients |
Other Services (2.5M+ records)
| Source | Records | Year | Description |
|---|---|---|---|
| Multiple French websites | 1,654,111 | 2025 | Various French websites collection |
| Chronopost.fr | 861,084 | 2025 | French shipping company |
| Murfy.fr | 497,647 | 2025 | Home appliance repair company |
| Homedesign3d.net | 300,463 | 2025 | Interior design application |
| Auto-ici.fr | 180,783 | 2025 | French auto dealer |
| Trescal.com | 70,981 | 2025 | Metrology & calibration services |
| EDF.fr | 32,167 | Unknown | French energy company |
Why Data Aggregation Is Dangerous
While individual breaches expose isolated data points, aggregated databases compound risk exponentially:
1. Cross-Referencing Enables Identity Reconstruction
When records from 25 different sources are merged, attackers can:
- Match partial records across datasets
- Fill gaps in victim profiles
- Verify data accuracy through correlation
- Build comprehensive identity packages
2. Verified Data Commands Premium Prices
The listing emphasizes "verified records" β meaning the data has been:
- De-duplicated and cleaned
- Validated against live systems
- Tested for freshness and accuracy
- Organized for immediate exploitation
3. Searchable Indexes Enable Targeted Attacks
Unlike raw data dumps, indexed databases allow attackers to:
Query: "Find all records matching:
- Age: 35-55
- Income: >β¬80,000
- Location: Paris
- Has mortgage: Yes"
Result: Targeted list for financial fraud
Attack Vectors Enabled
With 52 million French records indexed, criminal operations can scale dramatically:
Identity Fraud
| Attack Type | Enabler |
|---|---|
| Loan fraud | Full identity packages |
| Account takeover | Email + password combinations |
| Tax fraud | Personal + financial data |
| Insurance fraud | Health + identity records |
| Benefit fraud | Government ID details |
Social Engineering
- Spear phishing: Personalized attacks using real employer, bank, or family details
- Vishing: Phone scams leveraging verified phone numbers with personal context
- CEO fraud: Targeting executives with researched profiles
- Romance scams: Building fake personas using real-world details
Financial Crimes
- SIM swapping at scale using verified phone/identity combinations
- Credit card fraud using aggregated payment histories
- Cryptocurrency theft through targeted phishing
- Real estate fraud with complete identity documentation
High-Value Targets in the Index
ANTS β National Secure Documents Agency
The 12 million records from ANTS (Agence Nationale des Titres SΓ©curisΓ©s) are particularly concerning. This agency handles:
- Passports and national ID cards
- Driver's licenses
- Vehicle registration documents
- Foreigner residence permits
Breach of ANTS data could enable:
- Document fraud at scale
- Identity theft with government-level verification data
- Border crossing fraud
- Vehicle registration fraud
CAF / Pass'Sport β Social Security Data
The 6.4 million records from CAF (Caisse d'Allocations Familiales) and Pass'Sport contain:
- Social security numbers
- Family composition data
- Income declarations
- Youth sports program enrollment
This data enables benefit fraud and targeted social engineering against families.
Hellowork β Employment Data
The 2.8 million job seeker records include:
- CVs with full work history
- Salary expectations
- Contact information
- Professional qualifications
Ideal for recruiter impersonation and employment scams.
Why France Is a "Leaky Country"
The threat actor's characterization reflects systemic issues:
| Factor | Impact |
|---|---|
| Centralized government services | Single breaches expose millions |
| Rich social welfare data | High-value targets for fraud |
| Fragmented corporate security | Multiple retail/service breaches |
| Valuable EU citizenship | Premium for identity documents |
| Strong purchasing power | Attractive for financial fraud |
The index spans 2023β2025 breaches, indicating ongoing vulnerability rather than isolated incidents.
What This Means for French Organizations
Immediate Risks
Organizations whose data may be included in these 25 source datasets face:
- Regulatory exposure: GDPR notification requirements and potential fines
- Reputational damage: Loss of customer trust when breaches surface
- Fraud liability: Increased fraud attempts against customers
- Legal action: Potential class action from affected individuals
Customer Impact
French citizens should assume their data may be compromised and:
- Enable fraud alerts with credit agencies
- Monitor accounts for unauthorized activity
- Use unique passwords across all services
- Enable MFA on financial and email accounts
- Be skeptical of unsolicited contact (even if caller knows personal details)
Defensive Measures
For Organizations
Immediate:
- Audit recent data access logs for anomalies
- Review third-party vendor security posture
- Implement or enhance data classification
- Enable database activity monitoring
Strategic:
- Adopt encryption at rest for all sensitive data
- Implement data minimization (don't store what you don't need)
- Deploy behavioral analytics for account monitoring
- Conduct regular penetration testing
For Individuals
| Action | Priority |
|---|---|
| Credit freeze/alerts | π΄ High |
| Password manager adoption | π΄ High |
| MFA on all accounts | π΄ High |
| Identity theft monitoring | π‘ Medium |
| Reduce data sharing | π‘ Medium |
The Aggregation Economy
This incident highlights a maturing cybercrime ecosystem where:
- Initial access brokers steal raw data
- Data processors clean, verify, and enrich records
- Index operators aggregate and organize for searchability
- Fraud operators purchase targeted subsets for specific schemes
Each layer adds value β and increases danger. A threat actor like Addka72424 specializing in aggregation represents the industrialization of identity fraud.
Key Takeaways
- 52.5M French records from 25 sources now searchable on dark web
- Government agencies breached: ANTS (12M), CAF/Pass'Sport (6.4M), Francetravail
- Major corporations affected: France.fr ISP (19M), SFR, Chronopost, Cultura, EDF
- Threat actor describes France as "very leaky country" β systemic vulnerability
- Data spans 2023β2025 β indicating ongoing, unresolved security failures
- Verified and indexed β ready for immediate exploitation
The most effective defense against aggregated data attacks is ensuring that even when data is stolen, it remains encrypted and unusable. Traditional perimeter security cannot prevent data aggregation β only data-level protection can limit the damage.
Concerned about data aggregation attacks? Learn how CIFER's encryption architecture ensures your data remains protected even when systems are compromised.