What Happened
In late May 2023, the Russian website leroymerlin.ru, operated by the hypermarket chain Leroy Merlin, suffered a data breach that became publicly known in June 2023, exposing over 5 million customer records (specifically 5,102,911 announced and 5,102,907 imported). The compromised data included names, phone numbers, email addresses, passwords stored as salted MD5 hashes, genders, dates of birth, physical addresses, geographic locations, site activity, and social profiles, totaling about 1.5 GB in size. This incident targeted the Russian operations of the e-commerce and retail platform and does not appear connected to separate Leroy Merlin breaches in France reported in 2025.
