What Happened
In June 2025, specifically around June 27-30, TheSqua.re, a global serviced-apartment provider, suffered a data breach when threat actor “888” disclosed stolen user data on DarkForums.st, affecting approximately 86,360 to 107,041 unique individuals across 100,540 rows of records. Compromised data included full names, email addresses, phone numbers (mobile and work), cities/geographic locations, account creation dates, status, subscription flags, rewards balances, and user types (corporate/leisure), with no prior public breaches reported for the company and TheSqua.re unresponsive to disclosure attempts despite legitimacy confirmed by affected users. The breach likely stemmed from an unsecured database or application vulnerability, raising risks of phishing, scams, and identity theft, though exact intrusion details remain undisclosed.
