Posted on a well-known cybercriminal forum, the file could have been just one more leak among the many of its kind published every day. But the archive, posted publicly by a forum user on Sunday, September 4, contains the personal data of around a thousand customers (including the Le Monde group) of the Micro-SOC Endpoint solution marketed by Orange Cyberdefense. It is therefore particularly sensitive: the leak lists the surname, first name, telephone number and e-mail address of the IT manager of each affected company, that is to say, of people whose job is in part precisely to ensure those companies' cybersecurity.
The author of the text accompanying the publication offers forum users free access to a file containing, according to him, “1,584 Orange Cyberdefense customer data”. This figure actually corresponds to the number of lines in the document; the exact number of customers affected remains unknown, with Orange Cyberdefense citing “several hundred customers”. In addition to the personal data, the author of the message also claims that “access to their servers is also for sale”, without giving more details on the nature of this offer.
Orange Cyberdefense informed the customers affected by this leak on Monday 5 September. The company “confirms the publication on a specialized forum of a file containing personal data relating to a few hundred French customers of the Micro-SOC service” and promises that investigations are underway. The company also explains that it has taken measures to notify the competent authorities, but does not mention the origin of the data leak.
Interesting profiles for hackers
The significance of the leaked file lies not in the number of companies affected but in the role held by most of the people concerned: the archive includes several IT managers or people responsible for their organization's cybersecurity. These profiles are generally discreet and not very exposed, but they are a gold mine for cybercriminals who would like to target French companies. This information can, for example, be used to carry out phishing campaigns, allowing attackers to steal credentials and gain access to the victim’s computer system.
The Micro-SOC Endpoint offering from Orange Cyberdefense is a tool for setting up systems that detect and respond to attacks on workstations and servers, while delegating administration and maintenance to Orange Cyberdefense's security teams. The service also offers access to attack information, personalized advice and tools for creating fake phishing campaigns to educate employees.
The organizations concerned range from very small businesses to large groups, including several local authorities. The file also contains personal data belonging to IT managers working in French hospitals.