La Poste alerts its customers about a computer intrusion which ended in theft of data of 50,000 users. Sensitive information, already on sale on the Dark Web. Caution !
The hacking wave continues to surge on French companies, and it does not seem to want to stop! Each week, we learn a new data leak. At the end of February, the cybersecurity site Zataz Alerted to the fact that a hacker had put personal information on the Dark Web on the Dark Web of more than 50,000 users of a “sub-division” of La Poste. A discovery that did not suggest anything good …
Following this alert, the company conducted the investigation. In an email sent to her customers, she indicates that she has discovered an intrusion into her systems which allowed the pirate, who calls herself H4TR3D W0RLD, to seize a large number of data. It was therefore not a false alert. Among the stolen data are names, first names, email addresses, postal addresses, birth years and customer telephone numbers. On the other hand, banking information and passwords have not been compromised.
Piracy La Poste: Intrusion on the stamp election site
The intrusion, which took place on February 25, was carried out on the election of the stamp, an annual event which puts philately, the collection of stamps, in the spotlight. The general public is invited to your online for his favorite stamps among those issued during the previous year and to participate in a competition in the hope of winning various prizes.
Since then, the site has been offline and displays the following message: “Dear participant/dear participant, due to maintenance work, the site election site is temporarily unavailable. We are actively working to restore service as soon as possible. Thank you for your understanding.” In accordance with the legislation, La Poste notified the National Commission for Data Protection (CNIL) and filed a complaint.
People who used the election of the stamp in the past years must therefore be particularly vigilant because, personal data having been put up for sale, they can be used for phishing campaigns – which consist in sending false messages to recover banking or personal data – for targeted attacks and identity theft. Caution therefore.