More than 1,400 accounts of the Mutualité sociale agricole (MSA) were hacked via the FranceConnect digital identification portal. A cyberattack that questions the security of the Government’s authentication system…
FranceConnect, the identification solution created by the State to facilitate connection to various online services, has made remote administrative procedures much simpler. With this shared identification system, a single username and password are enough to securely access more than 1,400 sites and services – log into your Ameli account, apply for a passport on the ANTS site, access France Identity , the application containing a digital equivalent of the identity card, etc. (see our practical guide). But the system is far from infallible and it too is the target of hacking. Indeed, as reported Le Figaromore than 1,400 members of the Mutualité sociale agricole (MSA) – which manages social protection, health, family, retirement, for farmers and agricultural employees – have been victims of identity theft on FranceConnect.
“The MSA was informed on May 19 by FranceConnect of the identity theft of 1,410 MSA member accounts”, announced Patrick Armusieaux, information systems security manager for the Mutualité sociale agricole. Indeed, FranceConnect reported “an unusual activity considered to be at risk”, without however this leading to fraudulent activities. The MSA has obviously taken measures to inform the members concerned and temporarily close access to its services via FranceConnect, but many users now feel “at the mercy of a digital system”as they cannot defend themselves against these cyberattacks until they have suffered actual harm.
FranceConnect hack: a single identifier for all its accounts
In itself, this cyberattack concerns only very few people, since according to official statistics, more than 40 million people have used FranceConnect at least once. But the problem with this system is that if you get hacked, it’s not one account that’s compromised, but all of your accounts for public services. The potential damage is therefore much greater, especially since certain procedures and information are particularly sensitive.
And that’s without taking into account the fact that FranceConnect sometimes allows itself the piracy of a public service. In August 2022, Ameli temporarily suspended his access via this system following an increase in fraud, cybercriminals using Health Insurance identifiers to connect to taxes via FranceConnect. AT during this same period, loopholes allowed hackers to steal several thousand euros via the site of the Directorate General of Public Finances, “impots.gouv.fr”. The Interministerial Digital Department had confirmed a “upsurge in reports passing through FranceConnect” during the last months.
Faced with numerous attempts – and successes – at hacking, the Government has launched FranceConnect+, a more secure version for the most sensitive procedures, such as opening a bank account, accessing one’s medical file, receiving electronic registered letters, etc. This version of the identification service includes strong authentication, such as the obligation to enter a code or additional information after entering your identifiers – a bit like what online banks offer. In any case, it is essential to activate double authentication – it is the union minimum to protect your account.