In January, a hacker named TheFrenchGuy exploited a vulnerability to penetrate the systems of several French sports federations. The cybercriminal managed to steal the personal data of more than 4 million members. After being auctioned off, the data ended up on several other criminal platforms. In early June, a hacker re-shared all of the data stolen in January on a pirate forum.
Data stolen from two sports federations returned
A few weeks later, Zataz spotted some of the data stolen from the sports federations on another dark web platform. Only the information stolen from the French Boxing Federation and the French Strength Federation has just resurfaced.
This time, it is the personal information of 684,500 French people that is affected. Specifically, there are 620,000 members of the boxing federation, and 64,500 members of the strength federation.
Banking and medical data in the wild
Among the data for sale, there is a huge amount of sensitive information, including medical and banking data. The directories include the names, dates and places of birth, full contact details, medical information, and the IBAN of the victims. Zataz does not specify the nature of the medical data that was hacked. To prove his point, the seller has in any case posted several samples of the data online.
Of particular concern is the compromise of IBAN numbers. As 01net demonstrated following last year's cyberattack against Free, it is possible to carry out fraudulent direct debits using only the IBAN. With an IBAN and some additional personal information, such as that from a bank account details account, a hacker can easily initiate a fraudulent direct debit from an account without the owner's consent. Given the large amount of data compromised in recent years, a hacker can easily get their hands on the data they need.
The seller is believed to be none other than TheFrenchGuy, the hacker behind the hack. Under another name, the criminal is reportedly seeking to monetize the data he has exfiltrated by exploiting a security flaw in an external service provider, common to many French federations.
The individual is offering interested parties the opportunity to negotiate the data via private message. He exclusively accepts payments in Monero (XMR), presumably to stay under the authorities' radar. For the moment, the hacker has not yet communicated a price range on the Russian-language forum. According to the latest news, the data has not yet been sold. Once purchased, they risk increasing the digital threats weighing on the French...
Source: Zataz
0 Comments