Industry - Data Breach

Moderate | Anti-Privacy | Data Breach

Executive Summary

French email provider Alinto left an Elasticsearch database exposed online, leaking 40 million email records containing sender and recipient addresses, location details, and relay IP addresses. The breach affected major corporations including L'Oreal, Renault, and DHL, as well as numerous French government agencies with at least 14,000 government email addresses exposed. Security researchers discovered the unsecured database and notified Alinto, which has since secured the server.

What Happened

French email provider Alinto left an Elasticsearch database unsecured and accessible to anyone on the internet, exposing 40 million email records. The leaked data included sender and recipient email addresses, location details, and relay IP addresses from the company's Cleanmail.eu email security relay solution. Security researchers from Cybernews discovered the exposed database in April 2026 and notified Alinto, which then secured the server.

Who Is Affected

The breach affected major corporations including L'Oreal, Renault, and DHL, as well as numerous French government agencies at multiple levels: government branches, municipalities, and French embassies worldwide. At least 14,000 unique government email addresses were exposed, along with 4.5 million unique email addresses overall from the 40 million SMTP records. Anyone whose email passed through Alinto's relay services during the exposure period had their sender/recipient information and location details accessible online.

Why It Matters

This breach demonstrates how third-party email service providers can create systemic privacy risks that extend far beyond their direct customers to affect communications across entire sectors. The exposure of government communications alongside corporate email metadata creates significant risks for phishing attacks, social engineering, and mapping organizational relationships. The scale of 40 million records from a single misconfigured database highlights how basic security oversights at infrastructure providers can compromise privacy for millions of users who never directly chose that service.

What You Should Do

If you work for or communicate with the affected organizations, be extremely cautious of targeted phishing emails that may reference legitimate communication patterns revealed by this breach. Enable multi-factor authentication on all email and organizational accounts immediately, as attackers now have verified email addresses and communication relationships to exploit. Contact your organization's IT security team to determine if your communications were affected and whether additional protective measures are being implemented. Consider reviewing and limiting what sensitive information you include in email communications, as metadata alone can reveal significant details about your activities and contacts.

AI-Assisted

Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.

French email provider Alinto left an Elasticsearch database exposed online,... - Industry | PrivacyWire