the data of 15,000 French people was compromised

the data of 15,000 French people was compromised
the data of 15,000 French people was compromised

The massacre continues. A computer hacker has just put a database stolen from Direct Assurancean online insurance company, a subsidiary of the AXA group. The ad, viewed by 01Net and spotted by Zataz, appeared on BreachForums, a forum considered the Amazon of cybercrime by researchers.

The cybercriminal, who hides behind the pseudonym near2tlgindicates having been able penetrate the systems of the French group using a “employee access”. Everything suggests that the hacker used compromised credentials to orchestrate the offensive. These valid credentials opened the door to the entire infrastructure for him.

Also read: Cyberattacks in – the latest data leaks and companies affected

Compromised IBANs and RIBs

Once in the system, the cybercriminal exfiltrated personal data from “6137 customers and 9517 prospects”i.e. a total of more than 15,000 individuals. The stolen information includes victims' names, email addresses, and phone numbers.

In the case of customers, near2tlg also got hold of banking details, starting with the IBAN (International Bank Account Number). As was the case during the Free hack, customers' banking numbers end up in the hands of criminals. During several experiments, 01Net was able to demonstrate that the theft of the IBAN could lead to fraudulent withdrawals from your account. It is therefore not to be taken lightly.

In this case, the hacker also obtained the RIB, or Bank Identity Statementcustomers of the insurance company. This document, which uniquely identifies a bank account in the French banking system, is used to carry out financial transactions, such as transfers, direct debits or deposits.

The RIB includes a mountain of data, namely the name of the bank, the bank code (a five-digit code which identifies the bank), the branch code (another five-digit code which identifies the bank branch), the account number, the RIB key (a two-digit code which allows the accuracy of the RIB to be verified), the name of the account holder, and the address of the bank branch. That’s more than enough to debit a bank account without hindrance…

All this information is recorded in a file in .json format. This is a “ frequently used for large databases ». The seller indicates that the directory will be transferred to a maximum of three buyers.

Very busy pirates at the moment

As pointed out About youit is the same hacker behind the cyberattack that struck a hospital in the region who is behind the operation. By relying on a compromised account, the hacker near2tlg was able to steal more than 750,000 French people's medical records. Again, he put the stolen data up for sale on BreachForums. near2tlg is also responsible for the cyberattack against Le Point. The intrusion resulted in the theft of data of 915,899 users. He also claims the hack of SFR, which had nevertheless been claimed by another gang.

In the eyes of Damien Bancal, the researcher of the Zataz blog, the pirate “a well-established methodology” and only attacks “to large and sensitive databases, with a strong potential for resale on the dark web”.

On his Telegram channel, near2tlg specifies that he “is not a person, but a collective”which saw the light of day “only seven days”. On Telegram, the group speaks in French.

“We have already reported security vulnerabilities on the affected sites. Yet, instead of responding to our alerts and fixing these vulnerabilities, these companies preferred to prioritize profits, accumulating billions in revenue while neglecting the security of their users.affirms near2tlg.

The threat of infostealers

To obtain the compromised identifiers on which the Direct Assurance cyberattack is based, the hacker was able to go through of the infostealerviruses designed for data theft. As Benoit Grunemwald, researcher at ESET France, explains to us, the “most efficient means” to get “valid login and password” remains the infostealer.

Deployed en masse on millions of computers, this malware is programmed to siphon off all information stored by users. These viruses are responsible for many of the most fearsome cyberattacks in recent months, including the hacking of hundreds of Snowflake customers.

???? To not miss any news from 01net, follow us on Google News and WhatsApp.

Source :

About you

-

-

PREV Supreme Leader Khamenei vows 'scathing response' to any attack on Iran and its allies
NEXT BP abandons oil reduction target