Data of 600,000 beneficiaries at risk?

While the LulzSec group claims to have hacked CAF servers and stolen the personal data of 600,000 beneficiaries, the organization confirms a “data breach” of some accounts.

From the beginning of the month, the cyber criminals are on the rise! France seems to be the target of choice by hacking social security on an unprecedented scale, affecting not less than 33 million policyholders (see our article), but La Poste and Crédit Agricole. And free. It's clearly not over as cybercriminal group LulzSec claimed responsibility for hacking the Family Allowance Fund (CAF) on February 12, 2024 at 8 pm. On his account (formerly Twitter) and on its Telegram discussion channel. Operation leading to theft of personal data of 600,000 beneficiary accounts! At the same time, there were other attacks on other French actors.

But, what is it really? in A statementCAF explains that my account space was closed for a few hours following this message from LulzSec “as a precaution”But no security flaws were found and that's it“There was no intrusion into the system”. On the other hand, “Four accounts identified with screenshots, data breach proven.”CAF reveals. “Access to these four accounts was done without forcing the site's system, by providing passwords that the authors probably obtained elsewhere. This ensures that the Caf.fr site did not experience a security breach. For these four beneficiaries, the hackers were able to access them. Contact details and the amount of benefits last paid. But the bank Cannot access details (RIB).e“. The hackers contacted the targeted individuals. On the other hand, regarding the 600,000 hacked accounts, breaches “not verified”, and the investigation is still ongoing. Complaint and report submitted to CNIL.

CAF hacking: France threatened by series of cyberattacks

LulzSec is a hacker group known for hacking large companies and government agencies in a short period of time in 2011. Its victims included Sony – which compromised millions of accounts -, EA and Nintendo , but also the Brazilian presidency and government sites. and the site of the United States Senate. The CIA managed to bring the site to its knees, before the authorities were dismantled! In short, its effectiveness no longer needs to be demonstrated, and when it says it has succeeded in an operation, we pay a lot of attention to it! But for now, it's difficult to verify the veracity of the hackers' claims. Cyber ​​criminals telephone numbers and addresses. A series of screenshots were published showing the accounts of several beneficiaries with personal data such as emails – but this information is unclear. It appears that the hackers were able to obtain the passwords of these accounts, which allowed them to log in whenever they wanted – and thus access more personal data, this time more sensitively, such as postal address, marital status, number of children in the household. Income etc.

has Following the announcement, CAF indicated that website maintenance was in progress, preventing millions of people from accessing their accounts. Next morning the site is working again. At the time of writing, LulzSec has not yet announced what it intends to do with this data, so we invite you to change your password as a precaution and be alert to any phishing attempts you may suffer – we can easily imagine that cybercriminals have hijacked CAF's identity by asking you to refund an overpayment via a corrupted link, for example .

In addition to this action against CAF, the group appears to have carried out a denial of service attack Against Total Energies website, in collaboration with hacker group Anonymous. At the same time, LulzSec published a list of emails from France's diplomacy site. A true assault on all fronts, and it doesn't look like it's over! Hackers have already announced their importance. Let's face it!