A few days ago, several French sports federations were the target of a cyberattack. Hackers managed to exfiltrate a mountain of data on the members of the federations, such as names, first names, dates of birth, email addresses, and postal addresses.
The intrusion originated from a vulnerability in a service provider in charge of the license and management spaces on behalf of several sports federations. In fact, we can assume that many other federations were also targeted by cybercriminals.
Eight databases for sale on BreachForums
As reported by researcher Clément Domingo, a hacker has also put up for sale a total of eight hacked databases belonging to sports federations on a criminal forum. The cybercriminal, who goes by the alias TheFrenchGuy, posted the stolen directories on BreachForums, the hub for all the stolen data.
The list of sports federations affected includes the French Boxing Federation, the French Motorsport Federation, the French Motorcycling Federation, the French Roller & Skateboard Federation, the French Sports and Cultural Federation, the French Archery Federation, the French Mountain and Climbing Federation, and the French Strength Federation.
It includes two federations that announced their hacking earlier this week, the French Mountain and Climbing Federation and the French Archery Federation. In the latter case, the leak dates back to December 2024, the hacker indicates.
A digital goldmine
In total, the personal data of more than 4.5 million people are found on BreachForums. The hacker "got his hands on a real digital goldmine", estimates Clément Domingo on his X account. One of the directories, that of the French Automobile Sports Federation, is said to contain the data of several automobile champions, namely Pierre Gasly and Esteban Ocon.
TheFrenchGuy offers some of the databases up for auction. In some cases, he suggests that other hackers contact him to agree on a price by private message. He demands payment in cryptocurrencies from interested buyers. The seller is in negotiations with several hackers, according to public communications we have seen on BreachForums.
Once sold, these databases risk leading to a wave of online scams, including phishing attacks. Cybercriminals will likely use them to try to steal money from Internet users who reside in France. This is why we recommend that you exercise extra caution.
0 Comments