The hacking of merchant sites continues. This time, it’s Darty’s turn, with a hacker claiming to have stolen nearly 3 million customer data from Darty. Is this a real masterstroke or yet another bluff?
It never ends! For several weeks now, French companies and organizations have been victims of serial hacking, which has resulted in the theft of personal data of customers and users. And it doesn’t seem to be stopping! After Boulanger, Truffaut, Cultura, SFR and even the Retirement Insurance, it seems that it is now the turn of Darty, the French chain of stores specializing in the sale of household appliances and electronic products, to fall victim to hacking. A hacker claims to have seized 3,239,289 million user data, as noted by researcher Clément Domingo on X. Everything was put up for auction on a hacking forum, for a starting price of around 450 euros. But this information should be taken with a grain of salt…
Darty hack: loot of more than 3 million data?
At this time, it is not known what data is affected by the leak. According to the cybercriminal, he accessed this data from an operator interface… Also, the question arises of a compromise of a Darty employee by an infostealer, a malware designed solely to steal information from an infected machine, such as login IDs, passwords, banking information, etc. “The same modus operandi was used for some of the cyberattacks in recent weeks in France”underlines Clément Domingo. Several brands have indeed suffered cyberattacks, starting with Boulanger and Cultura, which led to the leak of 27 million and 2.7 million customer data respectively.
CYBERALERT: FRANCE | 3M data from the Darty brand on sale for $500 by cybercriminals?
During the night, my various probes* brought me this new alert: a sale of information from the French brand Darty.
The cybercriminal(s) would have put pic.twitter.com/BCXZh4MRFb
— SaxX. (@_SaxX_) September 21, 2024
This information should still be taken with great caution. It is entirely possible that the hacker is lying and is only looking to ride the wave of cyberattacks to make a profit. This is what happened recently, when a scammer claimed to have seized nearly 87 million “lines” stolen from Temu., the hard discount platform (see our article). It turns out that this data had actually been in the air for three years. The hacker tried to make money by presenting the data as recent and exclusive. Caught in the act, he was banned from the criminal forum. The same goes for Action, where a hacker claimed to have seized 10,000 customer records. Again, this is not the case since the company was able to “confirm that the data published by the hacker does not come from our systems”. Another false alarm!
It is still better to apply a precautionary principle, especially since, with the French Days approaching, cybercriminals could be very tempted to use this data to create their campaigns. Indeed, when they get their hands on databases, they use them to adapt their traps and make their messages more credible. Also, as always, do not respond hastily to emails, text messages, calls, and even registered letters whose sender you do not know or which seem suspicious to you. Take the time to verify the identity of the person you are talking to before doing anything!