Updated Tuesday, January 21, 2025
Carrefour denies having been the victim of a cyberattack. In a press release sent to 01Net, the French brand explains that it was informed "of a possible illegitimate connection to one of our computer systems or that of one of our partners, leading to a risk of theft of certain personal data of our customers" on January 20, 2025.
The group then opened an investigation to verify the hacker's statements. Carrefour emphasizes that its teams "immediately mobilized to carry out all the necessary analyses to verify this information". After investigation, the company assures that "Carrefour's systems were not the subject of an illegitimate connection and that customer data was not compromised". However, Carrefour specifies that "the investigative work continues."
———————————————————————————————–
It's Carrefour's turn to find itself in the crosshairs of cybercriminals. This Sunday, January 19, 2025, a hacker put up for sale a database belonging to the major French retailer. The data is highlighted on BreachForums, the platform considered the Amazon of cybercrime.
13 million Carrefour customers affected
As reported by researcher Clément Domingo on X, the directory includes the data of 13 million people. It would contain the first name, last name, full postal address, phone number, email address, profile information, date of birth, preferences, and shopping cart information of customers. This data can obviously be very useful to hackers who want to orchestrate online scams, such as phishing attacks. The database "only includes people who have ordered on the site", explains the seller in the ad, consulted by 01Net.
At this stage, it is impossible to verify the claims of the seller, who goes by the name LaFouine on BreachForums. To prove his point, the hacker shared a sample of the data. According to Clément Domingo, this sample is "quite meager". It is not enough to prove the cybercriminal's assertions.
A recent hack
Nevertheless, 4 other cybercriminal users of BreachForums with a good reputation attest to LaFouine's statements. In addition, "this new cybercriminal is selling 5 other databases, 3 of which have been "authenticated"" by the hacker community. It is always by relying on the reputation of a seller that it is possible to corroborate his statements. If he is telling the truth, the data was probably stolen recently. The information in the sample is indeed recent.
The hacker asks interested criminals to make an offer in cryptocurrencies. He accepts payments in Bitcoin, Litecoin and Monero, a currency known to be untraceable. LaFouine encourages potential buyers to contact him on Telegram.
In early 2025, several French brands have already fallen victim to cybercriminals. This is the case for Kiabi and Showroomprivé. Both companies were victims of a so-called “credential stuffing” attack, which simply consists of recycling already compromised information to try to access the infrastructure of another site.
0 Comments