LDLC, the specialist in the sale of computer equipment which has 1.5 million users, has been hacked again, with the theft of personal data. So, what should you fear if you are a customer?
The current context is particularly electric for French companies and organizations! Whether hospitals, banks, operators or public institutions, absolutely no one is spared from the hacking wave. After Boulanger, Truffaut, Picard, Cultura, Auchan, Molotov, Le Point, Mediboard, La Banque de France, Norauto, but also the telephone operators Free and SFR, it is the turn of LDLC, a French group specializing in the sale of online computer hardware, to face a new cyberattack.
The company represents a prime target for hackers. Already in 2021, LDLC suffered from the Ragnar Locker ransomware, which resulted in many of the company’s internal data being put up for sale on the Dark Web. Because the hacker group had managed to penetrate its internal systems… Rebelote in February 2024, when a hacker claimed to have stolen a database containing the data of 1.5 million LDLC customers.
But we all know the saying, never two without three! In a press release published on Tuesday December 10, 2024, the brand indicates having undergone “a leak of customer data”. However, it does not reveal the nature of the stolen data, other than that“no financial or sensitive customer data is affected”. The investigation is currently underway and affected customers will obviously receive compensation. Note that, this time, the hack could well be significant, because LDLC potentially affects the entire customer base of the French e-commerce leader. THISstarted to do a lot!
LDLC hacking: the third intrusion in a dark series
Last February, the alert was launched on X (formerly Twitter) by Anis Ayari, AI engineer, and Clément Domingo, ethical hacker. A hacker had claimed, on a Dark Web forum, to put for sale data including the names, first names, email addresses, postal addresses, mobile phones and landlines of users of the group’s site, but also other information such as data accountants.
CYBERALERT | LDLC, 1.5M of data would be for sale by a cybercriminal
A malicious actor (hacker) would be in possession of 1.5M of data from the LDLC site.
As a reminder, #LDLC is THE French leader in e-commerce specializing in computer components pic.twitter.com/OoS1BURppN
— Only SaxX (@_SaxX_) February 29, 2024
AI engineer Anis Ayari noticed that the seven customers cited as examples in the post by the hacker all lived in Puy-de-Dôme, which led him to doubt the existence of the data of 1.5 million of users and wondering if the database was not taken from a particular store. For its part, LDLC declared that it had been “informed of the situation” and having initiated an investigation with its cybersecurity partners.
CYBERALERT | LDLC, 1.5M of data would be for sale by a cybercriminal
A malicious actor (hacker) would be in possession of 1.5M of data from the LDLC site.
As a reminder, #LDLC is THE French leader in e-commerce specializing in computer components pic.twitter.com/OoS1BURppN
— Only SaxX (@_SaxX_) February 29, 2024
In a press release published on 1er Marchthe company indicated that “the LDLC Group was the victim of a customer data leak, relating to the scope of customers of the Group’s physical stores. Web customers are not impacted by this cyberattack”. By adding: “Investigations are still ongoing. No financial or sensitive data of customers of our physical stores is affected. Customers do not have to take any action. It is nevertheless recommended, as usual, to be vigilant on possible phishing attempts, requests for personal information.” Also, as a precaution, we recommend that you change your password if you have a personal space on the site and to keep yourself informed.