A major French tech firm, OVHcloud, has been forced to address claims of a massive data breach after a user on a dark web forum boasted about stealing nearly 600 terabytes of its private data. On 23 March 2026, a poster using the name Normal claimed on BreachForums that they had infiltrated the company’s server infrastructure, potentially affecting millions of websites and customers.
The Claims: Millions of Sites at Risk?
The scale of the alleged theft is stunning. The hacker claimed to have snatched information belonging to 1.6 million OVH Fresh customers and nearly 6 million active websites. According to the post, this included everything from the internal source code and private databases of these sites to server settings for users in the EU and the US. The poster even went as far as offering “targeted searches” for anyone looking to buy data from specific servers, suggesting they still had ongoing access to the company’s main accounts.
Despite the alarming headlines, researchers have cast serious doubt on whether a hack actually happened. When a real breach occurs, hackers usually share sample data to prove the authenticity of their claims; however, in this case, the user provided just one single line of data.
Researchers observed that the small sample, which included basic details like an email and phone number, lacked any real context, and that this kind of information is often floating around the internet already and doesn’t necessarily prove it came from OVHcloud. Experts suspect this may be a simple financial trick designed to con other criminals into paying for fake data.
Company Founder Denies Breach
Octave Klaba, the founder and chairman of OVHcloud, has also come forward to flatly deny the claims. He stated that after a thorough investigation into the hacker’s “sample,” the company found no evidence that the data came from their servers.
While the user behind the post has an “administrator” rank on the forum, they haven’t been linked to any other successful hacks. These forums, as we know it, are often hunting grounds for scammers who make big claims and then vanish once they receive payment. For now, it seems the 5.9 million websites hosted by the company are likely safe.
