Orange confirmed that he had been the victim of a cyber attack, which led to the disclosure by a hacker of thousands of internal documents on a hackers forum. But don’t panic, stolen data is obsolete.
Like all Internet operators, Orange is an attractive target for cybercriminals, due to the colossal quantity of personal information that ISP has on its many subscribers. Also, when it comes to hacking, it’s quickly panic! Once is not customary, the historic operator was the victim of an intrusion, as revealed Bleeping Computer.
A pirate calling himself Rey has managed to infiltrate servers and steal numerous internal data, including information about employees and customers. After a failed extortion attempt, he finally published all of the files stolen on a famous criminal forum. Orange, however, ensures that most of the data is obsolete. In addition, France is not concerned since a large part the stolen data comes from Orange Romania and its local subsidiary of credits, Yoxo.
Cyberalert, Romania | The Orange subsidiary in Romania affected by a cyber attack: the data has been broadcast for free on the “Amazon of Cybercrime” after a rated rated request by the cybercriminal!
A few moments ago, a cybercriminal, pic.twitter.com/samhirg67l
– saxx _ () _/ (@_saxx_) FEBRUARY 25, 2025
Orange hacking: mainly obsolete data
This data leak, published on the forum within a large 6.5 GB file, concerns 380,000 unique email addresses, source code, invoices, contracts, but also personal information on customers and employees. Partial information on payment cards, largely expired, customers have also been stolen.
The attacker explains that he had access to orange systems for more than a month before starting to extract the data. He therefore embarked on an exfiltration of 3 hours, without the operator managing to detect him. The flight has been confirmed by Orange, which specifies, however, that the data is now obsolete. “”
We have taken immediate measures, and our absolute priority remains to protect the data and interests of our employees, customers and partners. There was no impact on customer operations “, provides the operator. He is committed to “comply with all legal obligations associated with such incidents” and to collaborate “With the competent authorities to resolve this problem”.