Internet traffic at the Spanish subsidiary of French telecommunications operator Orange was seriously disrupted last Wednesday, after a malicious hacker broke into one of the company's external accounts. As reported on X (formerly Twitter), users began to complain of connection problems in the afternoon.
Although Orange España users' internet traffic did not stop completely, it was almost halved compared to the previous day for two hours, from 2:45 p.m. to 4:15 p.m., before returning to normal from 6 p.m., according to Cloudflare data. A little before 8 p.m., the telecommunications operator finally reported that service was “practically restored”. All of this disruption was caused by an “inappropriate access” which, however, did not compromise customer data.
Hacking claimed
A little earlier, an Internet user, “Snow”, had claimed responsibility for hacking the RIPE (European IP Networks) account of an Orange España employee. This intrusion into the non-profit organization's site allowed the hacker to disrupt the routing of the operator's internet traffic by entering incorrect values, which sent the traffic in the wrong directions.
This was a major failure for Orange España, and one that could have been avoided if the operator had enabled two-factor authentication. Granted, the employee's password was far too simple: it was ripeadmin. But a complex password would probably not have changed anything. As noted by the computer security company Hudson Rock, these login credentials were stolen on September 4 by an infostealer, a type of malicious program that steals information.
Weaknesses in security
With two-factor authentication or regular password changes, it would have been much harder for the hacker to take control of the account. In a press release on the incident, the RIPE coordination center also pointed out the importance of multi-factor authentication, then encouraged account owners to change their passwords.
The hacker behind the intrusion also mocked this security lapse. “I was just looking for public leaks in robot data and I came across this RIPE account with the password ‘ripeadmin’ and no 2FA”, he reports on X. Access was ultimately cut off quickly by RIPE, which allowed Orange to regain control of this very sensitive account.