A major cyberattack was recorded last week. The Mulliez group, owner of 130 commercial brands, saw millions of sensitive customer data posted online on the dark web. The brands concerned include Cultura, Boulanger, Pepe Jeans and Truffaut, but also other more uncertain names, such as Kiabi, Leroy Merlin, Flunch, Norauto, Décathlon, PicWicToys and Jules, which also belong to the industrial giant. The computer hardware sellers CyberTek and GrosBill are also affected, as well as the Dijon transport network Drivia Mobilité.
In total, there are more than 30 million sensitive information which were auctioned on the pirate forum BreachForums. The leak originated from a user with the pseudonym Horror404x/horrormar44 assures that he has in his possession names, addresses, emails and telephone numbers.
How to react if you are concerned?
If you are concerned, you should react quickly. No banking data has probably been stolen, and the leaked information dates back several years, according to initial analyses. The CNIL has been notified of the incident, in accordance with the legal regulations in force, as well as all Internet users (1.5 million in total) likely to have had their data compromised.
If you have received an alert email from Cultura or Boulanger, you should take some precautions in advance. Be careful, it will be be extra vigilant about the emails you receive. You are particularly likely to be targeted by a phishing campaign in the coming weeks and months. Be careful never to open links without having verified the sender and the purpose, do not enter your bank details to pay for so-called “redelivery costs” on a package you are not expecting, and remain skeptical of calls and emails pretending to be from a trusted merchant site or an official organization. If you have the slightest doubt, go through the official website of the companyor by a reliable contact telephone number.
Another important step: change your password and enable two-factor authentication if possible. Ideally, it is necessary to use a strong and different password for each site: a password manager, for example, allows you to find your way around. A priori, no banking data has been leaked, the latter being prohibited from being stored in clear text on merchant sites. However, it is easy for a hacker to cross-reference his sources and compile your data to obtain a complete and detailed profile of his future victim.
???? To not miss any news on the Journal du Geek, subscribe on Google News. And if you love us, we have a newsletter every morning.
