In recent weeks, cyberattacks have accelerated in France. Several French brands have been targeted by hackers specializing in the theft of personal data. This is the case for Boulanger, Truffaut, SFR, Free, Picard and even Auchan.
Personal data, the alpha and omega of cyberattacks
In the majority of cases, hackers steal data to make money. With this in mind, they can demand a ransom, exploit the information to orchestrate scams, or resell the data to the highest bidder on black markets frequented by cybercriminals. For hackers, data is therefore worth gold.
“Once your personal data is exposed, it is already too late. This information is resold on a secondary black market, where it can be combined with other stolen data to carry out even more targeted attacks, with the ultimate goal often being to obtain victims' banking information,” explains Bernard Montel, Technical Director at Tenable, emphasizing that “cybercrime has become a real industry”.
To get their hands on this valuable information, hackers must find a way to penetrate their targets' computer systems. Here again, several options are open to them. They can try to infiltrate the system through a third party whose security is faulty… or exploit the information already in their possession. This is the solution that was favored by the hackers who hit the French retail giants. In fact, more than 85% of cyberattacks are based on data compromised upstream, says a study by the American operator Verizon.
The criminal strategy that is causing data theft to explode
Behind some of the offensives in recent weeks has been a tactic known as “credential stuffing”. This practice, very widespread in the criminal world, consists of using identifiers (usernames and passwords) stolen from a platform to try to access other accounts on online services.
Too often, users use the same logins and passwords to secure multiple accounts, or even all of their accounts. A TechRepublic study indicates that more than half of Internet users use the same password to secure multiple accounts. It's like having one key to open your house, your car and your safe. With just one key, the thief can take everything from you.
“Again and again, the problem is people's bad habit of using the same password or the same password base everywhere!” underlines security researcher Clément Domingo in an exchange with 01Net.
Cybercriminals are obviously well aware of this bad habit. As Benoit Grunemwald, public affairs director at ESET France, explains to us, hackers have a habit of recycling compromised information to orchestrate other cyberattacks, the same way you recycle your passwords:
“After a data breach, cybercriminals collect thousands of emails and use automated programs to test them on multiple sites. A reused single password becomes a backdoor to your entire digital life, especially if that access opens your email. It then becomes possible to reset passwords easily.”
In fact, cybercriminals use scripts or bots to test identifiers on other sites. This helps automate login attempts at scale. Access attempts then take the form of a wave of attacks.
“It has become very easy for cybercriminals to automatically test your username or email + password on 5, 6, 10 other sites you are on,” relates Clément Domingo.
This is what happened when Intermarché was the victim of a “hacking attempt during the weekend of November 2 and 3, 2024”. According to information obtained by researcher Clément Domingo, unknown hackers used thousands of password and username combinations in order to access accounts. The maneuver was promptly identified and blocked by the group's IT security services. All affected accounts have been temporarily blocked by Intermarché.
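How a defender can recognise such a wave in login records, as an added example (not code from the article or from any company it names): one source trying many different accounts in a short window, with few successes, is the signature of credential stuffing, whereas a user who mistypes a password touches only one account. The log format, thresholds and addresses below are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
MIN_USERS = 20                 # assumed: distinct accounts tried by one source
MAX_SUCCESS_RATIO = 0.2        # stuffing rarely succeeds; real users mostly do

def parse(line):
    """Parse 'ISO-timestamp source-ip username OK|FAIL' (hypothetical format)."""
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome == "OK"

def detect_stuffing(lines):
    """Return {source_ip: accounts that logged in OK} for every source that tried
    many distinct accounts within WINDOW while mostly failing."""
    recent = defaultdict(deque)   # ip -> events inside the sliding window
    flagged = defaultdict(set)    # ip -> accounts to lock and reset
    for ts, ip, user, ok in sorted(map(parse, lines)):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > WINDOW:   # drop events older than the window
            q.popleft()
        users = {u for _, u, _ in q}
        successes = [u for _, u, s in q if s]
        if len(users) >= MIN_USERS and len(successes) / len(q) <= MAX_SUCCESS_RATIO:
            flagged[ip].update(successes)
    return {ip: sorted(accounts) for ip, accounts in flagged.items()}

def sample_log():
    """Constructed sample: one source walking a leaked list, one ordinary user."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(30):   # 30 different accounts in one minute from one address
        outcome = "OK" if i in (7, 19) else "FAIL"   # two reused passwords match
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} 203.0.113.7 user{i}@example.com {outcome}")
    # A legitimate user mistyping twice, then succeeding, from another address.
    for i, outcome in enumerate(["FAIL", "FAIL", "OK"]):
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.4 carol@example.com {outcome}")
    return lines

if __name__ == "__main__":
    print(detect_stuffing(sample_log()))
```

The accounts returned are those where a tested pair worked, which are the ones to block and reset. Counting per source misses waves spread across many addresses, so the same window logic is usually also applied to other attributes of the requests.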
In the case of the cyberattack on Picard, which occurred shortly after, the defenses were not as effective. The operation, identified as “credential stuffing”, resulted in the theft of the personal data of 45,000 customers who were members of the brand's loyalty program. A “credential stuffing” attack was also at the heart of the intrusion into the Family Allowance Fund (CAF) which occurred in August.
This is partly why data leaks and intrusions have surged since the start of the school year. Everything suggests that a database of some kind has fallen into the hands of a gang of cybercriminals. They then began mass-testing the pairs of identifiers obtained on a host of online services. In some cases, the identifiers matched, which opened the doors to other platforms. Ultimately, they were able to siphon off even more data. And so on. Each leak increases the risk of other leaks…
“The consequences can be devastating: identity theft, bank theft, access to sensitive personal data, even blackmail. Companies also see their information systems potentially compromised,” recalls Benoit Grunemwald.
How to protect yourself against “credential stuffing”?
To prevent hackers from breaching all your accounts with a single compromised database, above all you should not recycle your passwords. For Benoit Grunemwald, it is imperative to “diversify your passwords” and “each account must have a unique combination”.
If you're (legitimately) worried about forgetting your passwords, use a password manager. This type of service stores all of your passwords and identifiers in a single application. It will also prompt you to choose a secure password, composed of a random sequence of numbers, letters and symbols. This is essential in the current context.
Finally, the expert from ESET France recalls the importance of two-factor authentication. This is the best additional protection available today… and it is too often neglected.
For the record, the absence of this additional layer of protection is one of the factors behind one of the biggest credential stuffing attacks of the year. A few months ago, cybercriminals armed with a mountain of compromised credentials managed to hack around a hundred Snowflake business clients. The investigation showed that all affected firms had failed to enable two-factor authentication when configuring their servers in the cloud. In fact, the hackers used data stolen from employees to penetrate the servers without the slightest hindrance. The intrusion made it possible to siphon off a wealth of confidential information.
As cyber attacks continue, we recommend that you regularly check whether your data has been compromised. For this, you can go to the open-source site Have I Been Pwned or use the scanner offered by Google. If these tools indicate that your password is compromised, take the time to change it immediately.