Pax8 accidentally exposes partner data - 1,800 MSPs have customer info and licensing details exposed

News
By published

A Pax8 employee apparently sent an email with the wrong attachment

Data leak
(Image credit: Shutterstock)
  • Pax8 employee mistakenly emailed spreadsheet exposing data of around 1,800 customers
  • File contained 56,000 entries with organization names, SKUs, licenses, and renewal dates
  • Pax8 requested deletion; criminals reportedly attempted to buy the leaked list

Pax8, a cloud commerce marketplace for Managed Service Providers (MSP), has said it inadvertently exposed sensitive data on about 1,800 of its customers after an employee sent an email with an attachment by mistake.

The company confirmed the news in a follow-up email notifying affected businesses about the mishap.

“Earlier today, 13 January 2026, a Pax8 employee mistakenly sent an email with an attached spreadsheet to fewer than 40 UK-based partners,” the email reads. “The attachment did not contain personally identifiable information. However, the file included limited internal business information reflective of your Pax8 pricing and some Microsoft program management.”

Millions in damages

The email, titled “Potential Business Premium Upgrade Tactic to Save Money”, contained internal pricing and Microsoft program information affecting primarily UK businesses, and one located in Canada.

After reaching out to a few recipients, BleepingComputer learned the CSV file that was attached contained customer organization names, Microsoft SKUs, license counts, and New Commerce Experience (NCE) renewal dates.

There were more than 56,000 entries in the document, the publication further found, including

Partner Name and ID
Customer Name and ID
Vendor Name and Product Name
Gross & Net Bookings
Currency Total Quantity
Territory
Account Owner
Provision Date
Cancelled Book Date
Postal Code
Transaction Type
Commitment Term End Date

Pax8 said the leak will not impact Marketplace availability or security controls and added that it reached out to all recipients and asked for the emails to be deleted and not further distributed.

It is also being reported that cybercriminals are reaching out to the recipients as well, trying to purchase the list. So far, the information has not leaked on the dark web, so it is safe to assume that no one sold just yet.

Pax8 currently has more than 47,000 partners worldwide and operates in 18 countries.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.