Boulanger has been hacked! A hacker has put 27 million customers’ personal data up for sale on a famous hacking forum. The information has been confirmed by the brand, so vigilance is required!
Like all major retailers, Boulanger is an attractive target for cybercriminals because of the colossal amount of personal information it holds on its many customers. So when it comes to hacking, panic quickly sets in! However, cybersecurity researcher SaxX has discovered that a cybercriminal managed to exfiltrate “a database with 27,561,592 rows” information on the group’s customers, as he indicates on X. The stolen data included the name, first name, telephone number, full postal address, geographic coordinates (latitude and longitude) and email address of French people who had already placed orders with Boulanger. In short, everything needed to conduct targeted phishing campaigns or steal the identity of victims. This information was put up for sale on “The Amazon of Cybercrime”The brand has indeed confirmed the existence of an attack through from a press release on LinkedIn.
Boulanger hack: beware of phishing and identity theft
“During the night of September 6 to 7, Boulanger was the victim of an act of cyber-malicious attack on some of our customer information. The data recovered is only delivery addresses. No customer banking data is affected.”explains Boulanger, emphasizing that “The incident has been contained and all of our customers have been informed.”
In his announcement, the hacker actually indicates that the data dates from “a few days”their freshness making the information all the more valuable for future buyers. He does not indicate the sale price, but recommends that interested parties come and negotiate with him on Telegram, the instant messaging application highly prized by hackers. He also indicates that he sells the databases of other well-known French brands, such as Cultura, Truffaut, and Assurance Retraite.
It remains to be seen whether all the data is authentic or whether its number has been artificially inflated. Indeed, it is not uncommon for cybercriminals to put up for sale databases that are partly outdated or artificially generated, notably using artificial intelligence tools like ChatGPT in order to mislead potential buyers or create false panic.
For its part, Boulanger assures that the data leak only concerns the postal address, and that telephone numbers and email addresses are not affected. The company specifies that “a few hundred thousand customers” are victims of the cyberattack only.
This latest hack is part of the wave of computer intrusions that have hit many French companies in recent months. Just a few days ago, SFR revealed that an attacker had stolen the data of 50,000 subscribers by compromising a tool reserved for the technicians of one of its partners. Also, we should expect phishing campaigns in the coming weeks. Indeed, when they get their hands on databases, scammers use personal information to adapt their traps and make their messages more credible. In short, if you are a customer of the brand, be extra vigilant in the coming weeks and as always, do not respond hastily to emails, text messages, calls, and even registered letters whose sender you do not know or which seem suspicious to you. Take the time to verify the identity of the person you are talking to before doing anything!