Data from thousands of accounts Family allowance fund (CAF) were stolen and “ made available » on the dark web, announced the organization.
In mid-February, a group of hackers known as LulzSec claimed responsibility for hacking CAF, saying they had stolen the personal data of 600,000 accounts. The cybercriminals shared information from four accounts to prove their claims, possibly suggesting that the scale of the attack was ultimately less significant than they claimed. Especially since CAF has not observed any security flaws in its systems. After carrying out the investigation, she finally deplores the compromise of “ thousands of accounts “.
Passwords stolen thanks to phishing or malware
Names, family information and benefit payment amounts and dates are among the information collected by the hackers. The latter accessed the accounts via their passwords, obtained through phishing or infostealer campaigns, discreet malware allowing information to be recovered on a device without the knowledge of its owner.
CAF fears possible attempts to misappropriate allocations. “ Malicious people cannot access bank details (RIB), but could try to modify them. However, changing online banking details is subject to security checks to verify that the change is legitimate. In case of doubt, the process is validated by a benefit advisor before the change is effective. “, she says.
Beneficiaries: change your password without further delay
CAF announced the reset of all passwords of affected people, who were notified in advance by the organization. She further assures that “ the level of password security for new accounts has been strengthened “.
In order to avoid any problems, CAF encourages all beneficiaries to change their passwords, a process which will be compulsory from March 8. A secure password must be unique, that is, it must not be used for any other account. It must also be more than 10 characters long and consist of lowercase, uppercase letters and numbers.
It is essential to protect ourselves against this type of cyberattack, as ANSSI has just warned of the increase in cyberthreat in the run-up to the Paris Olympic Games.
Source : RTL
2