A group of hackers known as LulzSec claims to have hacked the Family Allowance Fund (CAF). Some 600,000 accounts would be affected, with personal data stolen which could lead to fears of the worst.
During the night from Monday to Tuesday, the CAF site was “under maintenance”, which can obviously happen during periods of low traffic, to make adjustments, updates or… following a data leak or a major computer attack. Ethical hacker Clément Domingo, aka Saxx, sounded the alarm this morning, and he did the right thing! Because a hacker group with a historic name, LulzSec, claims to be behind a cyberattack on 600,000 CAF accounts. What’s happening ?
Hackers would be in possession of a lot of information from CAF beneficiaries
On its dark social channel, the hacker group is not laughing. We see several screenshots of accounts of Family Allowance beneficiaries, to which they seem to have total or almost total access, with contact details, but also with the amounts of benefits. Among the information, we find the name, first name(s), postal address, telephone number and email address.
For the moment, it seems that we have to “make do” with screenshots. However, one of the group’s hackers posted a screenshot of what appears to be scraped and parsed data on the social network X.com. But it is difficult to know if they really belong to CAF beneficiaries, as the organization has not yet reacted.
Doubt is still there, and the updating of the CAF site shortly after LulzSec’s message is perhaps not a coincidence. So obviously, if you have not already been asked, change your CAF password immediately, and above all, do not click on any SMS or email link that would try to send you to a so-called CAF site. Phishing messages are already starting to circulate in this direction, with requests for additional questionnaires aimed at obtaining your date of birth, social security number and telephone number.
A particularly active group of hackers, which particularly targets France in its Olympic year
Taking a look at the very recent history of the LulzSec group, we realize that it pays particular attention to France. As recently as Sunday, he published a list of email addresses from the government website France Diplomatie.
Friday evening, he managed to bring down the website of the Victoires de la Musique, which took place that same evening. They also wreaked havoc on the National Assembly website and displayed links with a group that claims to represent Anonymous Europe.
LulzSec’s next target? Perhaps the official website of the Paris 2024 Olympic Games. The group already displays it on its social networks. Between the misdeeds of LulzSec, those of the Turk Hack Team group with cyberattacks against Crédit Agricole and La Poste, this Olympic year promises to be very difficult for French IT services and data.
10