While investigating the dark web, Zataz discovered "a massive leak of personal data" concerning 16.3 million French people. The directory is made up of 11 files, totaling 2 GB. It is located on a storage space belonging to a French-speaking cybercriminal.
A shower of personal data
To determine the authenticity of the data, the specialized blog extensively analyzed the database files. It contains a mountain of sensitive data on the French. Damien Bancal, the expert in charge of Zataz, explains that he has unearthed 16,397,079 names, 14,003,002 emails, and 3,629,587 phone numbers. 2,655,791 IP addresses were also identified by the hackers.
Among the compromised email addresses are numerous Hotmail, Orange, Gmail, Yahoo, and Hotmail accounts. Several Free and SFR addresses are also affected. The database also contains the names of several French operators, namely Orange, SFR, and Lyca Mobile. Finally, Zataz points out that French cities are particularly well represented in the directory, with 42,977 victims identified in Paris. Cities like Marseille, Lyon, Bordeaux, and Lille are also heavily affected. The researcher believes that the directory contains "databases stolen from companies" and "groupings of customer information".
Compromised banking data
Even more worrying, the directory contains banking information on the victims. These include 851 IBAN account numbers and more than 80 bank card numbers. With this information, combined with the data mentioned above, a hacker can carry out fraudulent direct debits. Following last year's cyberattack against Free, 01net demonstrated that it is possible to carry out fraudulent direct debits using only the IBAN. To organize these thefts, it is sufficient to combine the IBAN with other personal information, such as that contained in a bank account details slip. A cybercriminal can then initiate a fraudulent direct debit authorization.
Furthermore, the data is a goldmine for cybercriminals who make money by orchestrating phishing campaigns. This wealth of information allows them to design credible and effective scams. The leak of this data, the exact origin of which is still unknown at this time, contributes to increasing the risks already affecting all Internet users in France.
In this context, we recommend that you exercise caution and adopt the right reflexes to protect yourself. Take the time to choose a unique and complex password for all your accounts, and enable two-factor authentication whenever possible. Zataz goes even further and recommends creating a single email address for all your online accounts, which minimizes the risk of data leaks and aggregation.
Source: Zataz
0 Comments