While three hackers were recently arrested, two cybercriminals have put up for sale on the Dark Web what they claim to be the database stolen during the France Travail hack. But is this really the case?
They are neither Russian nor Chinese, nor members of a group of experienced computer hackers, but young people from Valence, in the Drôme – some of them even still live with their parents! Last Tuesday, the three hackers, aged 22 to 24 and suspected of being responsible for the hacking of France Travail (formerly Pôle Emploi), were indicted for “fraudulent access and maintenance in a data processing system, data extraction, fraud and organized gang laundering”. They allegedly posed as an agent of Cap Emploi, a subsidiary of France Travail, who had lost their access code, in order to reach the resources on the France Travail information system. A search of their homes and an analysis of their computer equipment revealed that they were engaged in “a fraudulent activity using the phishing technique”.
As a reminder, France Travail announced that it had suffered a cyberattack on March 13 aimed at “potentially” 43 million people – a number which has been confirmed by the Paris prosecutor’s office. The data concerned are the first and last names, social security numbers, dates of birth, France Travail identifiers, email and postal addresses, and telephone numbers of current job seekers, as well as of people who have been looking for work over the past twenty years. That is a great deal of information that can be used to commit scams of all kinds. However, passwords and banking details were not leaked. But this story is far from over! As Zataz spotted, two cybercriminals have announced the sale of the allegedly stolen data on the Dark Web, through a hacking forum. So, bluff or real sale?
Hacking France Travail: data that has yet to be authenticated
“After refusing the payment request to prevent us from selling the database, we have decided to put it up for sale”, announces one of the two sellers. According to them, it includes information such as name, date of birth, social security number, France Travail identifier, email, postal code, telephone number, postal address, and IP address of users. In short, nothing new under the sun: these are the data mentioned by France Travail when it announced the hack. The two hackers then invite potential buyers to contact them on Telegram, an end-to-end encrypted instant messaging service popular with hackers, to negotiate the price.
For the moment, it is unknown what the link is between the people trying to sell the data and the three cybercriminals arrested by the police, or even whether there is a link at all. In addition, it is impossible to verify the authenticity of the information being sold by the hackers. It could very well be a bluff, or old information found on the Dark Web. The fact remains that the information stolen from France Travail represents a real gold mine. Indeed, even if bank cards were not affected in the cyberattack, the stolen data can be used to carry out sophisticated and personalized phishing attempts, which could get past the victims’ vigilance. Hackers can also use the stolen information to steal victims’ identities or take out loans in their names. Caution is therefore required, as always after this type of hacking!