Major Data Breach Exposes Personal Information from Japanese Real Estate Platforms
On April 9, 2026, a significant data breach was reported involving six major Japanese real estate websites: SUUMO, CHINTAI, At Home, HOME’S, Ouchino, and Chintai EX. The incident, disclosed by the independent outlet Daily Dark Web, exposed 2.78GB of data, including 2.4 million records with 976,824 email addresses and sensitive personal details.
The leaked information encompasses:
- Customer IDs and registration dates
- Names (in Japanese and Roman letters)
- Phone and mobile numbers
- Email addresses
- Demographic data (age, gender, work history, income, family structure)
- Property preferences (type, budget, location, nearest station, floor area)
- Current living details (rent, reason for moving)
- Property listing URLs and management information
The compromised data is being sold on the dark web for 1,000 euros (approx. ¥185,000). While the exact source of the leak remains unclear, speculation points to vulnerabilities in a property information-sharing system used exclusively by real estate companies.
This breach follows a prior incident in July 2024, when SUUMO suffered unauthorized access, though that event was limited to 1,313 records belonging to current or former employees no customer data was affected at the time. The latest breach marks a far more severe compromise, impacting a broad user base across multiple platforms.
Source: https://gigazine.net/gsc_news/en/20260409-japanese-estate-platforms-data-breach/
株式会社リクルート住まいカンパニー cybersecurity rating report: https://www.rankiteo.com/company/recruit-sumai
Chintai cybersecurity rating report: https://www.rankiteo.com/company/chintai
At Home Group Inc. cybersecurity rating report: https://www.rankiteo.com/company/athomestores
"id": "RECCHIATH1775708870",
"linkid": "recruit-sumai, chintai, athomestores",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Included in 2.4 million records',
'industry': 'Real Estate',
'location': 'Japan',
'name': 'SUUMO',
'type': 'Real Estate Platform'},
{'customers_affected': 'Included in 2.4 million records',
'industry': 'Real Estate',
'location': 'Japan',
'name': 'CHINTAI',
'type': 'Real Estate Platform'},
{'customers_affected': 'Included in 2.4 million records',
'industry': 'Real Estate',
'location': 'Japan',
'name': 'At Home',
'type': 'Real Estate Platform'},
{'customers_affected': 'Included in 2.4 million records',
'industry': 'Real Estate',
'location': 'Japan',
'name': 'HOME’S',
'type': 'Real Estate Platform'},
{'customers_affected': 'Included in 2.4 million records',
'industry': 'Real Estate',
'location': 'Japan',
'name': 'Ouchino',
'type': 'Real Estate Platform'},
{'customers_affected': 'Included in 2.4 million records',
'industry': 'Real Estate',
'location': 'Japan',
'name': 'Chintai EX',
'type': 'Real Estate Platform'}],
'data_breach': {'data_exfiltration': 'Yes (data sold on dark web)',
'number_of_records_exposed': '2.4 million records, 976,824 '
'email addresses',
'personally_identifiable_information': 'Yes (names, phone '
'numbers, email '
'addresses, '
'demographic data)',
'sensitivity_of_data': 'High (personally identifiable '
'information, demographic data, '
'property preferences)',
'type_of_data_compromised': ['Customer IDs',
'Registration dates',
'Names (Japanese and Roman '
'letters)',
'Phone and mobile numbers',
'Email addresses',
'Demographic data (age, gender, '
'work history, income, family '
'structure)',
'Property preferences (type, '
'budget, location, nearest '
'station, floor area)',
'Current living details (rent, '
'reason for moving)',
'Property listing URLs',
'Management information']},
'date_detected': '2026-04-09',
'date_publicly_disclosed': '2026-04-09',
'description': 'A significant data breach involving six major Japanese real '
'estate websites (SUUMO, CHINTAI, At Home, HOME’S, Ouchino, '
'and Chintai EX) exposed 2.78GB of data, including 2.4 million '
'records with 976,824 email addresses and sensitive personal '
'details. The leaked data is being sold on the dark web for '
'1,000 euros (approx. ¥185,000).',
'impact': {'brand_reputation_impact': 'Likely significant',
'data_compromised': '2.78GB of data, 2.4 million records',
'identity_theft_risk': 'High',
'systems_affected': 'Six major Japanese real estate websites '
'(SUUMO, CHINTAI, At Home, HOME’S, Ouchino, '
'Chintai EX)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (1,000 euros)'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain (data sold on dark web)',
'post_incident_analysis': {'root_causes': 'Vulnerabilities in a property '
'information-sharing system used '
'exclusively by real estate '
'companies'},
'references': [{'date_accessed': '2026-04-09', 'source': 'Daily Dark Web'}],
'title': 'Major Data Breach Exposes Personal Information from Japanese Real '
'Estate Platforms',
'type': 'Data Breach',
'vulnerability_exploited': 'Vulnerabilities in a property information-sharing '
'system used exclusively by real estate companies'}