Auchan alerts its customers. In an email sent to certain users, the French supermarket chain indicates that it has been the victim of a cyberattack. During the intrusion, the cybercriminals managed to steal a lot of personal data about consumers.
Also read: Amazon reveals it suffered a data leak
The list of stolen data
The email indicates that it is “part of the personal data associated with your loyalty account” which was compromised during this “unauthorized access”. Among the data siphoned off, we find the last name, first name, email and postal addresses, telephone number, family composition, date of birth, loyalty card number and the amount of card rewards. On the other hand, the “banking details, password, pin code” have not been compromised.
“All necessary measures were taken immediately to put an end to this attack and strengthen the protection of our information systems”promises Auchan in the warning.
Cybersecurity researcher Clément Domingo emphasizes that it is about data “fairly sensitive”. They can give rise to fearsome phishing attacks or operations based on identity theft. This is why Auchan invites “with the greatest vigilance” facing the “risk of fraudulent emails, SMS or calls”. In a reaction addressed to 01Net, Benoît Grunemwald, security researcher at ESET France, sounded the alarm:
“The complete contact details will be added to the already well-stocked databases of the latest data leaks. They can be used for targeted or generic phishing campaigns. Note that the numerous details can give rise to very precise and therefore very convincing messages.
As a reminder, “Auchan never asks you (whether by email, SMS or telephone) to ask you to communicate your personal codes or identifiers in any way”.
In accordance with French law, Auchan has notified the National Commission for Information Technology and Liberties (CNIL), the authority responsible for data protection in France.
“The black series continues in France”
As Clément Domingo points out, “the black series continues in France” with yet another leak of personal data. This year, French companies have become the preferred targets of cybercriminals.
This is particularly the case for consumer brands. In recent weeks, Picard and Intermarché have also suffered major cyberattacks. Intermarché managed to block the hackers' access attempts while Picard revealed that the data of 45,000 customers had been stolen. It seems that the wave of attacks is not going to stop anytime soon…
The snowball effect
Questioned on the question by 01Net, Benoît Grunemwald does not exclude the possibility that the Auchan attack is based on a “credentials stuffing” attack. Clearly, it is possible that the hackers used identifiers and passwords compromised upstream, and relating to other platforms, to enter Auchan accounts. This is the tactic that was used against Intermarché last week.
“After a data leak, cybercriminals collect thousands of emails and use automated programs to test them on multiple sites. A reused single password becomes a backdoor to your entire digital life »warns the ESET researcher.
This is why data breaches often have a snowball effect. The more leaks, the more compromised data there is online… which can fuel even more thefts and intrusions.
???? To not miss any news from 01net, follow us on Google News and WhatsApp.
