A hacker boasts of having stolen the personal data of no less than 1.5 million users of the LDLC site, the specialist in the sale of computer equipment. What is it really ? And what should you fear if you are a customer?
The current context is particularly electric for French companies and organizations! With the Olympic Games fast approaching, the country is facing a surge in cyberattacks. Whether hospitals, banks, operators or public institutions, absolutely no one is spared! While Sidaction has just announced that hackers had seized some of the personal data of donors, notably bank details (see our article), it is the turn of LDLC, a French group specializing in selling computer equipment online, to face what appears to be a massive leak.
The company represents a prime target for hackers. Already in 2021, LDLC suffered from the Ragnar Locker ransomware, which resulted in many of the company’s internal data being put up for sale on the Dark Web. Because the group of hackers had managed to penetrate its internal systems… This time, a hacker claims to have stolen, on February 27, 2024, a database containing the data of 1.5 million LDLC customers.
CYBERALERT | LDLC, 1.5M of data would be for sale by a cybercriminal
A malicious actor (hacker) would be in possession of 1.5M of data from the LDLC site.
As a reminder, #LDLC is THE French leader in e-commerce specializing in computer components pic.twitter.com/OoS1BURppN
— Only SaxX (@_SaxX_) February 29, 2024
LDLC hacking: an investigation is underway
The alert was launched on X (formerly Twitter) by Anis Ayari, AI engineer, and Clément Domingo, ethical hacker. A hacker allegedly claimed, on a Dark Web forum, to put for sale data including the names, first names, email addresses, postal addresses, cell phones and landlines of users of the group’s site, but also other information such as data accountants. The sale price is not publicly known.
There would be 1.5 million user data from @LDLC which would have leaked…
You should know that in 2021, there was a hacker group “Ragnar Locker” which had already claimed penetration into the company’s systems.
But apparently this is a dump from 27 pic.twitter.com/ekRoMyB0Zp
— Anis Ayari | Defend Intelligence (@DFintelligence) February 29, 2024
AI engineer Anis Ayari noticed that the seven customers cited as examples in the post by the hacker all lived in Puy-de-Dôme, which led him to doubt the existence of the data of 1.5 million of users and wondering if the database was not taken from a particular store. We don’t know more at the moment. LDLC stated that it had been “informed of the situation” and having initiated an investigation with its cybersecurity partners. He will say more when the time comes.
So, bluff or real spoils of war? Impossible to say at the moment, because the current context leaves doubt. The information should therefore be taken with a grain of salt, given that no one has yet purchased or verified the data. As a precaution, we recommend that you change your password if you have a personal space on the site and keep yourself informed. The fact remains that with the increase in cyber threats in the run-up to the Olympic Games – not to mention the growing tensions with Russia and around the situation in Gaza –, there will be more and more claims of hacks in the days, weeks and months to come...