A “technical bug” is believed to be the cause of this data leak. The French classified ads website, founded in 2006 by the Norwegian company Adevinta, confirmed this Thursday that it had been the victim of a “technical incident”, causing a significant leak of personal data. Contacted, the Leboncoin platform conceded that “a tiny portion of (its) users” had “been affected by a technical incident, now resolved, which affected messaging for a limited period”.
Concretely, personal data of certain buyers – that is to say their first name, their last name, their telephone number as well as their email address – were displayed in the notification email received by the sellers following a first exchange in messaging”, we explain internally, insisting on the fact that this data “could only be consulted by the seller with whom they were in direct conversation”. “No third party has had access to these elements,” promises Leboncoin.
Also read: Fnac, BeReal, BlaBlaCar, Leboncoin… The Digital Services Act now applies to all platforms
Furthermore, “no data linked to passwords or banking information is affected in the context of this incident,” continues the platform. Before specifying: “We take the protection of our users and their data particularly seriously. The origin of the incident (technical bug) was quickly identified and the bug resolved.
In addition, Leboncoin wished to reiterate its commitment to “constantly work on the implementation of technical and organizational measures aimed at preventing this type of incident, in collaboration with our data protection officer” and specified that it had “ informed the National Commission for Information and Liberties (CNIL) in accordance with the regulations for the protection of personal data.
More fear than harm therefore, if we are to believe the platform, even if the timing had suggested the worst. In recent days, several computer attacks targeting the State and other administrative sites such as France Travail have been widely publicized. But nothing to see here, since it is only “an internal technical incident”, far from any external attacks aimed at collecting personal data.
