Family situation, address, email, telephone, history of last payments… The hacker group LulzSec claimed on its social networks to have got its hands on the data of 600,000 CAF accounts, supporting screenshots .
A seemingly dizzying raid, just a few days after a major cyberattack against two third-party payment operators, Viamedis and Almerys, affecting 33 million people according to the CNIL.
But the CAF only confirms the “data violation” of only four beneficiaries.
LulzSec claimed Monday evening on X (formerly Twitter) and Telegram that it had hacked 600,000 Family Allowance Fund accounts, causing concern on social networks.
The four captures shared include the personal portal of several beneficiaries, some information of which has been blurred, as well as a list of data, which suggests that thousands of other people would have been affected.
The hacker group did not specify for what purpose it could have obtained this information.
These cyberhackers made headlines around ten years ago after claiming responsibility for multiple attacks, not fearing to attack the FBI or the Sony site in particular.
PWNED By lulzSec pic.twitter.com/dbuyMn0ZJ0
— KizaruSH / DeepHack (@kizarush) February 12, 2024
On the ".
“As a precaution, the caf.fr site was closed for several hours last night,” confirms the organization, contacted by Le Parisien.
However, he assures that "no security breach has been detected on the site" and that "no intrusion has occurred in the system", allowing the platform to reopen normally this Tuesday.
🚨🔴CYBERALERT🔴 |
The CAF website in France 🇫🇷 under maintenance since yesterday night
Millions of beneficiaries of social benefits have not been able to connect to their personal space since midnight yesterday.
This follows a probable cyberattack on 600,000 accounts… https://t.co/lxQTE32sm9 pic.twitter.com/bXh3TLnKzE
— SAXX (@_SaxX_) February 13, 2024
“Data breach” of only four accounts
According to the CAF, only four beneficiary accounts, those identified in the screenshots, were affected.
For them, “the data breach is proven”.
The four people were “identified”, contacted, and “their accounts completely secured”.
She once again assures that the pirates did not manage to enter the site: “Access to these four accounts was done without forcing the site's system, by entering passwords probably obtained elsewhere by the authors” .
As the captures show, the hackers had access to the recipients' contact details and the last amount of benefits paid, but not to their bank details.
Read alsoMore than 33 million people affected: the questions that arise after the massive theft of medical policyholder data
As for the 600,000 accounts that would have been affected, “investigations are underway”, but at this stage, these violations “are not certified”, assures the CAF.
However, “the teams are mobilized both on investigations and on monitoring connection spaces”.
A complaint was filed, and a report made to the CNIL.
Contacted, the latter specifies having “received a notification of violation which is currently being investigated”, but does not communicate further at this stage.
However, the CAF recommends changing your password if in doubt and remaining very vigilant if you receive an email purporting to come from the organization.
Double-check the sending email address, do not open attachments or click on the links provided, rules of caution that the government website Cybermalveillance points out.
It is also important to keep an eye on the date and time of the last connection to your personal account, to ensure that no one has accessed it in the meantime, and to log out after use.