An Engie IT service provider was the victim of a cyberattack, and the personal data of more than 130,000 customers was stolen. The pirate who published them on a forum justifies his action by raising the price of gas.
Be vigilant if you are an Engie customer! A database of more than 138,000 people who subscribed to the energy supplier was posted on a hacker forum on August 23, as reported by the alert site Zataz. HommedeLombre, the hacker behind the attack, has published the names, first names, e-mails, cities, telephone numbers of customers, as well as information about them. On the other hand, he withdrew the addresses of the domiciles, because he considers “that it is not ethical for customers who have not asked for anything” – what a great lord! Bank details and passwords would not be affected by this leak, placed under the sign of hacktivism. Indeed, the pirate carried out this operation in order to “to show that nothing is certain, even in the most important targets” but also and mostly, “in response to gas price inflation in France”, as his message on the forum indicates. A justification that he concludes with a “Strength to the hard workers, and to the French patriots!” at least unexpected.
Engie data leak: what consequences for customers?
The leak does not come from Engie itself, but from the Ma Prime Économie d’Énergie subdomain (of the monespaceprime.engie.fr site), which is managed by an external service provider. It is therefore the latter who was the victim of the cyberattack. To achieve this, the hacker exploited a so-called n-day flaw – an already exploited vulnerability for which a patch was provided – in a system or software. The data of 138,608 customers who registered with Engie between 2018 and April 2023 are therefore accessible on the Dark Web. The energy supplier has since confirmed the news with colleagues. In addition, he has filed a complaint and is actively collaborating with the competent authorities to resolve this case.
If the hacktivist took care not to publish the addresses of the customers’ homes and that the banking data were not a priori affected, the danger represented by this leak is far from negligible. Customers could face phishing attempts or other forms of scams, a malicious person being able to exploit this database and pretend to be Engie.
This new leak is a reminder of the importance of data security, especially when external service providers are involved. Recently, Pôle emploi also saw one of its service providers fall victim to a cyberattack, which resulted in the sale of sensitive data of more than 10 million job seekers on the Dark Web (see our article). Service providers appear to be more easily reachable targets than large groups, but with just as valuable information.