OVHcloud: OVHcloud breach claimed by hacker, millions of users potentially affected

OVHcloud Faces Alleged Cyberattack with Potential Data Breach Affecting Millions

A threat actor known as contactbreachforums has claimed responsibility for breaching OVHcloud, one of Europe’s largest web hosting providers, allegedly compromising a primary account and associated servers. The group asserts that the attack resulted in the exfiltration of sensitive data, though OVHcloud has not yet confirmed the breach’s authenticity.

According to the cybercriminals, the incident may have impacted 1.6 million customers and 5.9 million active websites hosted on the platform. The purportedly stolen data includes personal customer information such as names, phone numbers, email addresses, and physical addresses as well as website-related details, including source code, databases, and server configurations. The threat actor shared samples of usernames and provided a Telegram contact (@doxeur) for negotiations, suggesting a ransom demand.

The claims emerge amid a series of technical outages OVHcloud experienced in February, which disrupted services for numerous websites and applications. The most severe incident occurred at its Gravelines, France, data center, where an electrical failure caused prolonged downtime. While OVHcloud attributed these disruptions to operational failures, the timing has raised questions about potential vulnerabilities.

If verified, the breach could undermine confidence in European cloud providers, particularly as they compete with global giants like AWS, Microsoft Azure, and Google Cloud. The incident also underscores challenges in Europe’s push for digital autonomy, where local providers must demonstrate resilience comparable to their international counterparts. OVHcloud has yet to issue an official statement confirming the attack.

Source: https://www.escudodigital.com/en/cybersecurity/ovhcloud-breach-claimed-by-hacker-millions-of-users-potentially-affected.html

OVHcloud cybersecurity rating report: https://www.rankiteo.com/company/ovhgroup

"id": "OVH1774513748",
"linkid": "ovhgroup",
"type": "Breach",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'customers_affected': '1.6 million customers, 5.9 '
                                              'million active websites',
                        'industry': 'Cloud Services',
                        'location': 'Europe (Gravelines, France data center)',
                        'name': 'OVHcloud',
                        'size': 'Large (one of Europe’s largest web hosting '
                                'providers)',
                        'type': 'Web hosting provider'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Names, phone numbers, '
                                                        'email addresses, '
                                                        'physical addresses',
                 'sensitivity_of_data': 'High (personally identifiable '
                                        'information, proprietary website '
                                        'data)',
                 'type_of_data_compromised': ['Personal customer information',
                                              'Website-related details (source '
                                              'code, databases, server '
                                              'configurations)']},
 'description': 'A threat actor known as *contactbreachforums* has claimed '
                'responsibility for breaching OVHcloud, one of Europe’s '
                'largest web hosting providers, allegedly compromising a '
                'primary account and associated servers. The group asserts '
                'that the attack resulted in the exfiltration of sensitive '
                'data, though OVHcloud has not yet confirmed the breach’s '
                'authenticity. The purportedly stolen data includes personal '
                'customer information and website-related details. The '
                'incident may have impacted 1.6 million customers and 5.9 '
                'million active websites.',
 'impact': {'brand_reputation_impact': 'Potential undermining of confidence in '
                                       'European cloud providers',
            'data_compromised': 'Personal customer information (names, phone '
                                'numbers, email addresses, physical '
                                'addresses), website-related details (source '
                                'code, databases, server configurations)',
            'downtime': 'Prolonged downtime due to electrical failure '
                        '(Gravelines, France data center)',
            'identity_theft_risk': 'High (personal customer information '
                                   'exposed)',
            'operational_impact': 'Disrupted services for numerous websites '
                                  'and applications',
            'systems_affected': 'Primary account and associated servers'},
 'investigation_status': 'Unconfirmed (OVHcloud has not verified the breach)',
 'motivation': 'Ransom',
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': 'Implied (Telegram contact provided for '
                                   'negotiations)'},
 'references': [{'source': 'Threat actor claim (contactbreachforums)'}],
 'response': {'communication_strategy': 'No official statement confirming the '
                                        'attack yet'},
 'threat_actor': 'contactbreachforums',
 'title': 'OVHcloud Alleged Cyberattack with Potential Data Breach',
 'type': 'Data Breach'}