Threat actor xNov leaked the full production database of Smarteez, the digital factory operating for LβOreal Morocco, exposing operational data for La Roche-Posay, Vichy, CeraVe, and Dercos from mid-2023 to early 2026. The public leak includes 296 pharmacies, over 361,000 sales analytics records, OAuth2 client IDs with 128-character plaintext client secrets, PBKDF2-hashed user accounts, extensive competitive intelligence media, admin audit logs, and system configuration details. #xNov #Smarteez
Keypoints
- xNov publicly leaked Smarteezβs complete production database used by LβOreal Morocco.
- The breach affects four brands β La Roche-Posay, Vichy, CeraVe, and Dercos β spanning mid-2023 to early 2026.
- Exposed data includes 296 pharmacies with full location and territory details and 361,000+ sales analytics records.
- Critical credentials and config data leaked: 22 OAuth2 apps with plaintext 128-character client secrets, 26 PBKDF2-hashed user accounts, and 519 Django session records.
- The leak contains over 1 million merchandising and competitive intelligence media files plus a 4,504-entry admin action log and APK download URL.
DarkWebInformer.com Providing intel from some of the darkest places on the Dark Web & Clearnet. Breaches, Darknet Markets, Ransomware, Threat Alerts, & more!