La Poste is warning its customers about a computer intrusion. By email, the public company indicates that malicious individuals have managed to disappear with a mountain of data on users. La Poste specifies that the stolen data includes the name, first name, email address, postal address, year of birth and telephone number. However, the hackers were unable to steal any bank details or passwords.
The intrusion targeted the Stamp Election website, an annual initiative by La Poste France to celebrate and promote philately, or stamp collecting. Organized since the early 1990s, the event encourages the French to vote for their favorite stamps among those issued during the previous year. It is possible to vote online and participate in a competition in the hope of winning various prizes. It was through this platform that the hackers achieved their goals.
In accordance with French law, La Poste notified the CNIL (Commission Nationale de l'Informatique et des Libertés), the French data protection authority, of an attack. The agency is now free to investigate the incident and determine whether the postal firm had taken the necessary measures to protect its customers' data. In the process, La Poste filed a complaint a complaint.
50,000 French people affected by the data leak?
As reported by our colleagues at Zataz, a cybercriminal has already put the data up for sale on a black market. The hacker, who calls himself h4tr3d w0rld, announced the sale of a CSV file containing the private information of nearly 50,000 users of a subsidiary of La Poste last week. According to Zataz, it was this announcement that led La Poste to conduct an investigation. Little by little, the company realized that the hacker was not lying and that sensitive data had indeed been stolen from its servers.
According to h4tr3d w0rld, the data was exfiltrated on February 25, 2025. This is therefore recent data, very useful in the context of phishing attacks or identity theft attempts. With this information in hand, scammers will try to trap people registered on the Stamp Election site. The hacker offers his peers to buy the data by negotiating via Telegram. He did not indicate a fixed price.
The hacker “h4tr3d w0rld” has been making headlines since July 2024. Zataz” has in fact identified him in several data leaks, with the Bounty Chat forum, the iMeetings dating site and the Russian store Avto Podarok as victims.
The attack on La Poste is in addition to the many data leaks recorded in France since last year. The situation accelerated during the winter with the hack of Thermomix, Kiabi, E.Leclerq, and TopAchat.
Source: Zataz
0 Comments