Dark Web News Analysis
Dark web sources report a potentially massive data breach involving Cocolis.fr, a popular French collaborative delivery and transport service. A threat actor is selling a database allegedly containing 6,769,320 user records.
The seller is asking for $2,800, claims the data will be sold only once, and is using Telegram for negotiations. The compromised fields reportedly include First Names, Last Names, Telephone Numbers, Email Addresses, and Physical Addresses. Notably, the breach date was listed as January 24, 2026, which has raised questions about the timeline of the extraction, though the volume of data suggests a significant compromise of the platform’s historical user base.
Key Cybersecurity Insights
Breaches of “last-mile” or peer-to-peer delivery services are highly effective enablers for one of the most common forms of cybercrime—SMS phishing:
- The “Colis En Attente” Smishing: The primary risk is SMS Phishing. With 6.7 million phone numbers and the knowledge that these users use delivery services, scammers can send texts saying: “Cocolis: Your package cannot be delivered due to an incorrect address. Update it here.” These links lead to pages that steal credit card numbers under the guise of a small “redelivery fee.”
- Burglary & Physical Safety: Cocolis connects people sending items with travelers. The exposure of Physical Addresses linked to names creates a risk of targeted burglary, especially if the transaction history (not explicitly mentioned but implied in “user records”) reveals users who frequently ship valuable items or have large homes.
- Database Fabrication Risk: The initial reports noted a date anomaly (claiming a future date relative to when the ad first appeared). This could imply the data is either fabricated, or the attacker “pre-announced” the sale. However, if the data is real, the “Sold Once” model suggests it may be purchased by a dedicated spamming group rather than being leaked publicly.
- Platform Trust: For a peer-to-peer economy platform, trust is the currency. A leak of this magnitude (6.7M users) could severely damage Cocolis’s reputation, as users rely on the platform to keep their home locations private from strangers until a deal is made.
Mitigation Strategies
To protect users and platform integrity, the following strategies are recommended:
- Delivery Verification: Users should never click on links in SMS messages claiming to be from Cocolis. Always log in directly to the official app or website to check shipment status.
- Breach Validation: Cocolis administrators must urgently compare the sample data provided by the seller with their internal databases to confirm if this is a real breach or a “combolist” (aggregation of old leaks) repackaged to look like Cocolis data.
- Password Reset: If the breach is confirmed, force a password reset for all users to prevent credential stuffing.
- Address Monitoring: Users should be vigilant regarding unsolicited mail or unexpected visitors, given the exposure of home addresses.
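One way to carry out the Breach Validation step above, as an added example that is not Cocolis or Brinztech code: it tokenizes the seller's sample and an internal export with a keyed hash, then separates whole-row matches (consistent with extraction from the platform) from email-only matches (consistent with a repackaged combolist). The field names, the key, the 0.5 threshold, the French phone normalization and all records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumption: a per-investigation secret, so analysts compare tokens, not raw PII.
KEY = b"constructed-demo-key"

def norm_phone(p):
    # Map French formats (06..., +33 6..., 0033 6...) to +33XXXXXXXXX.
    digits = re.sub(r"\D", "", p)
    return "+33" + re.sub(r"^(?:0033|33|0)", "", digits)

def tok(value):
    return hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()

def tokens(rec):
    # Tokenize the fields the listing names: email, phone, physical address.
    addr = " ".join(rec["address"].lower().split())
    return tok(rec["email"].strip().lower()), tok(norm_phone(rec["phone"])), tok(addr)

def validate_sample(sample, internal, threshold=0.5):
    index = {t[0]: t for t in map(tokens, internal)}  # keyed by email token
    email_hits = consistent = 0
    for rec in sample:
        t = tokens(rec)
        known = index.get(t[0])
        if known is None:
            continue
        email_hits += 1
        consistent += (t == known)  # phone and address also belong to this user
    n = len(sample) or 1
    if consistent / n >= threshold:
        verdict = "likely-genuine"       # whole rows match platform data
    elif email_hits / n >= threshold:
        verdict = "likely-repackaged"    # emails known, other fields do not line up
    else:
        verdict = "no-meaningful-overlap"
    return {"email_hits": email_hits, "consistent": consistent, "verdict": verdict}

# Constructed records for illustration only (not real data).
INTERNAL = [
    {"email": "a.martin@example.com", "phone": "06 12 34 56 78", "address": "1 Rue Exemple, Lyon"},
    {"email": "b.durand@example.com", "phone": "07 98 76 54 32", "address": "2 Rue Exemple, Lille"},
]
SAMPLE = [
    {"email": "A.Martin@example.com", "phone": "+33 6 12 34 56 78", "address": "1 rue exemple,  Lyon"},
    {"email": "b.durand@example.com", "phone": "06 00 00 00 00", "address": "9 Rue Autre, Nice"},
    {"email": "nobody@example.com", "phone": "06 11 11 11 11", "address": "3 Rue Exemple, Paris"},
]
```

The verdict is a triage heuristic: a high whole-row match rate should trigger incident response, while email-only overlap still warrants checking record counts and field formats against the listing.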
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com