Orange has been the victim of a cyberattack. A hacker managed to get his hands on a host of internal documents belonging to the French group. They include email addresses, source code, invoices and contracts, as well as personal information about customers and employees. Partial information on customers' payment cards, most of which have expired, was also stolen. In detail, the leak includes 600,000 customer records and 380,000 unique email addresses.
Leak hits Orange's Romanian subsidiary
Most of the stolen information concerns Orange's Romanian subsidiary and its branch dedicated to credits, Yoxo. As reported by our colleagues at Bleeping Computer, Orange has confirmed the data leak:
According to the company, the attack targeted a non-critical application, Atlassian Jira, the identification system used by the subsidiary. By exploiting this software, the attacker was able to maintain access to the company's servers for more than a month. Subsequently, he exfiltrated data with impunity for a period of three hours. The theft took place last weekend and did not trigger any security alerts.
A failed extortion attempt
Behind this attack is a hacker who calls himself Rey. A member of the HellCat gang, which specializes in ransomware attacks, the hacker first tried to extort money from Orange. In exchange for the data, he demanded a ransom and left a ransom note on Orange's system. He was met with a categorical refusal.
In response, he published all of the stolen data on BreachForums, the hub for compromised information. The 6.5 GB database is now in the hands of all cybercriminals. This is a threat to Orange customers in Romania, who risk being targeted by phishing scams or becoming victims of identity theft.
As a reminder, the HellCat gang is responsible for the cyberattack against Schneider Electric. The group appeared recently and is known for publishing its victims' data on criminal forums if they refuse to pay the ransom.
Outdated data
According to researcher Clément Domingo, some of the data is "5 years old". Orange itself specifies that most of the compromised information is obsolete. The incumbent operator says it has opened an investigation to understand what happened.
For the moment, the leading hypothesis is a security flaw in the Jira software. For his part, Rey specifies that he also used compromised credentials as part of his attack. It is therefore thanks to previous leaks that the hacker was able to achieve his ends. Orange has committed to “comply with all legal obligations associated with such incidents” and to cooperate “with the relevant authorities to resolve this issue”.
Source: Bleeping Computer
