As CAF’s investigations into the claims of a group of “hacktivists” continue, the results of the attack turn out to be a little more serious than expected.
If initially, the Family Allowance Fund had only communicated on 4 compromised accounts, it revised this figure upwards in a new press release which this time mentions “several thousand” of benefit accounts “visited in an illegitimate manner “. The exact number of accounts affected was not specified.
It is not yet known how the attackers gained access to these accounts. The CAF nevertheless denies any flaw originating from its own services, and instead refers to passwords stolen and distributed “on the dark web” that the attackers would have used to access the accounts. The CAF specifies that it has filed a complaint with the CNIL.
Take charge of possible reimbursements
The press release specifies that the attackers cannot access the bank details (RIB) on the accounts, but explains that the latter could try to modify them to monopolize possible reimbursements.
The organization nevertheless reminds that the modification of banking data is subject to checks to verify that the change is legitimate, checks which may include validation by a benefit advisor.
To strengthen account security, CAF has nevertheless decided to reset user passwords and strengthen the level of password security.
“Changing your password will become mandatory”
A campaign to encourage password changes has been launched among beneficiaries since February 22, and from March 8, “changing passwords will become compulsory for all beneficiaries who have not yet done so. ”
On February 12, a group claimed on Telegram to have managed to steal access to 600,000 CAF beneficiary accounts, without ever providing any evidence to verify these claims. This group, active since October 2023, takes the name of a group of hacktivists known in 2011/2012 but since dismantled.