It's Carrefour's turn to find itself in the crosshairs of cybercriminals. This Sunday, January 19, 2025, a pirate put up for sale a database belonging to the major French distribution brand. The data is highlighted on BreachForums, the platform considered the Amazon of cybercrime.
Also read: More than 5,000 sites compromised in mysterious cyberattack
13 million Carrefour customers affected
As researcher Clément Domingo reports on X, the repertoire includes data from 13 million people. There you would find the first name, last name, full postal address, telephone number, email address, profile information, date of birth, preferences, and shopping cart information. This data can obviously be very useful to hackers who want to orchestrate online scams, such as phishing attacks. The database “only includes people who have ordered on the site”explains the seller in the ad, consulted by 01Net.
At this point it is impossible to verify the seller's statementswho goes by LaFouine on BreachForums. To prove his point, the hacker shared a sample of the data. According to Clément Domingo, this sample is “quite skinny”. It is not enough to prove the cybercriminal's assertions.
A recent hack
However, 4 other cybercriminal BreachForums users with a good reputation attest to LaFouine's comments. Moreover, “this new cybercriminal sells 5 other databases, 3 of which have been “authenticated”” by the hacker community. It is always by relying on the reputation of a seller that it is possible to corroborate his statements. If he is true, the data was probably stolen recently. The sample information is indeed recent.
-The hacker asks interested criminals to do an offer in cryptocurrencies. It accepts payments in Bitcoin, Litecoin and Monero, a currency known to be untraceable. LaFouine encourages potential buyers to contact him on Telegram.
“Cyberattacks and information leaks are increasing in France. We risk returning to the same catastrophic pace as we experienced in the last quarter of 2024”explains Clément Domingo, who closely follows data leaks in France.
At the start of 2025, several French brands have already suffered from cybercriminals. This is the case for Kiabi and Showroomprivé. Both companies were victims of a so-called “credential stuffing” attack, which simply consists of recycling already compromised information to try to access the infrastructure of another site.
???? To not miss any news from 01net, follow us on Google News and WhatsApp.
Related News :