Dark Web News Analysis
Cybersecurity intelligence from February 18, 2026, has identified a high-priority sale on a dark web forum targeting Reglo Mobile, a French mobile virtual network operator (MVNO) owned by E.Leclerc. A threat actor claiming a “full takeover” of the database is marketing the sensitive information of nearly 360,000 individuals, requesting payment via encrypted messaging on Session.
The breach is exceptionally dangerous because it provides all the necessary components for total digital identity hijacking. The exfiltrated dataset reportedly includes:
- Personally Identifiable Information (PII): Full names, physical addresses, and verified contact details for 358,000 customers.
- Financial Credentials: Partial IBANs, BIC codes, ICS (SEPA creditor identifier), and RUM (unique mandate reference) details for 124,000 customers, providing a blueprint for banking fraud.
- Telecom Security Keys: Over 123,000 PUK codes, which are the master keys used to unlock SIM cards.
- Sensitive Communication Metadata: Detailed logs of calls, SMS, and data usage patterns.
- Authentication Tokens: Active JWTs (JSON Web Tokens), suggesting a live, unpatched vulnerability in the company’s authentication framework.
Key Cybersecurity Insights
The breach of a mobile provider like Reglo Mobile represents a “Tier 1” threat with severe implications for the French telecommunications landscape:
- Industrialized SIM Swapping: The exposure of 123,000+ PUK codes is a critical failure. Attackers can use these codes to perform unauthorized SIM Swaps, effectively stealing a victim’s phone number to intercept 2FA codes for banking, social media, and government (FranceConnect) accounts.
- Financial Siphoning and “SEPA” Abuse: With the combination of IBANs, BIC codes, and RUM (Unique Mandate Reference) details, threat actors can authorize fraudulent SEPA Direct Debits. This allows them to siphon funds from French bank accounts under the guise of legitimate service payments.
- Live Session Hijacking: The presence of valid JWTs indicates that the breach may not just be a static data dump. It suggests that attackers have found a way to generate or steal active session tokens, allowing them to impersonate users on the Reglo Mobile portal in real time.
- Privacy and Surveillance Risk: The leak of call and SMS logs provides a detailed map of a user’s social circle and daily habits. This data can be used for targeted extortion, corporate espionage, or sophisticated social engineering against high-profile French citizens.
Mitigation Strategies
To protect your mobile identity and secure your financial accounts following this massive exposure, the following strategies are urgently recommended:
- Immediate Account and PIN Reset: If you are a Reglo Mobile customer, change your account password and SIM PIN immediately. If you have reused your Reglo password for your primary email or bank, rotate those credentials across all platforms using a unique, complex passphrase.
- Bank Account Monitoring (IBAN/BIC): Contact your bank and inform them that your IBAN and Mandate Reference (RUM) may have been compromised. Monitor your statements for any unauthorized direct debits and ask the bank to apply a “whitelisting” approach to all new mandates, so that only creditors you have approved can debit the account.
- Transition to Hardware-Based MFA: Given the high risk of SIM swapping, stop using SMS for two-factor authentication. Transition your critical accounts (Email, Banking, FranceConnect) to App-Based MFA (e.g., Google Authenticator) or Hardware Security Keys (e.g., YubiKey) which cannot be intercepted via a swapped SIM.
- Reglo Mobile System Hardening: The company must perform a forensic audit of its JWT generation and storage protocols. It should also revoke all active session tokens and implement rate limiting and IP whitelisting for administrative API endpoints to prevent further exfiltration.
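The "revoke all active session tokens" step in the last item can be enforced where tokens are validated. The following Python is an added example, not Reglo Mobile's or the author's code; the function names, the `revoked_before` cutoff, the `jti` denylist and the choice of HS256 are assumptions made for illustration, and the sample tokens are constructed.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_hs256(claims, key):
    """Issue a token; used here only to build constructed sample input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def validate(token, key, revoked_before, revoked_jti=frozenset(), now=None):
    """Return (accepted, reason). Tokens issued before the Unix timestamp
    revoked_before (hypothetical incident cutoff) are rejected in bulk."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError):
        return False, "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed"
    # Pin the algorithm server-side; never trust the header's choice.
    if header.get("alg") != "HS256":
        return False, "alg-not-allowed"
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad-signature"
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return False, "expired"
    # Mass revocation: anything issued before the cutoff is dead, even if unexpired.
    if not isinstance(claims.get("iat"), int) or claims["iat"] < revoked_before:
        return False, "revoked-by-cutoff"
    if claims.get("jti") in revoked_jti:  # targeted revocation of single sessions
        return False, "revoked-jti"
    return True, "ok"

if __name__ == "__main__":
    key, now = b"constructed-demo-key", 1_800_000_000
    leaked = sign_hs256({"sub": "u1", "iat": now - 3600, "exp": now + 3600, "jti": "a"}, key)
    fresh = sign_hs256({"sub": "u1", "iat": now - 10, "exp": now + 3600, "jti": "b"}, key)
    print(validate(leaked, key, now - 100, now=now), validate(fresh, key, now - 100, now=now))
```

The cutoff only invalidates tokens that were stolen; if the signing key itself may have been exposed, the key has to be rotated as well, since an attacker holding it can mint tokens with any `iat`.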
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com