The website of the French company selling sports equipment and clothing announces that it suffered a cyberattack on April 19, 2024. The personal data of more than 4 million customers are already for sale on the dark web. Suspicion hovers over the French-speaking group Epsilon.
If sport is good for your health, we cannot say that the same is true for data. It was only 15 days after the hacking and data theft of Intersport that Sport 2000, one of the French specialists in the sale of sports equipment and clothing, announced on its website that it had suffered a cyberattack.
For the moment, no official claim has been published, but strong suspicions are pointing towards the Epsilon group, whose latest cyberhacking exploits are none other than the X.com accounts of BFMTV And LDLC. Still, more than 4 million customers are likely to see their data sold on the dark web.
More than 4 million customer accounts and data extracted with an infostealer
On X.com, the platform specializing in threat intelligence published a message from the hacker. “ Hello, today I extracted all the customer data from the French store SPORT2000. I sell all customer data », We can read in the visible extract. In total, there are no less than 4,376,038 customers of the French Sport 2000 network that the pirate says he has in his possession and has put up for sale.
On his website ZatazDamien Bancal indicates that this data was obtained by an infostealer campaign, a phenomenon which, according to Kaspersky, is growing and could even take the lead in the methods favored by cybercriminals.
Simply put, an infostealer is malware that acts without its victim’s knowledge. He simply steals all his personal data by acting as a scanner. It is introduced to a user’s machine through a fraudulent email, file sharing networks, or even a random download from a malicious site. In some cases, it can also act in real time by capturing data as the user enters it on their keyboard, using the keylogging method, keylogging.
This is why on its website, Sport 2000 not only states that it is aware of the cyberattack, but also communicates a list of the type of data that was stolen from users. This extremely detailed list includes, apart from common information such as postal and civil contact details, their data sharing preferences, and, less usual, more statistical information such as “ segmentation carried out from the information that [nous détenons] on the date, frequency and amount of your purchases at Sport 2000 “, or the ”
segmentation carried out based on the typology of your purchases, for example “family”, “leisure”, at Sport 2000 “.
French-speaking Epsilon gang suspected of being behind cyberattack
According to his research, Damien Bancal indicates that the French-speaking cyberhacker group Epsilon is at the origin of this attack. And the least we can say is that this gang hit hard in record time. Founded by a duo calling themselves ChatNoir and Casquette, the Epsilon group cut its teeth in October 2023 by hacking Shadow, the French cloud gaming service, to resell gamers’ data. And to further fill the coffers, Epsilon then attacked those of LDLC customers, which they also resold, after a failure of negotiations with the IT brand.
But if the group’s motivation is financial, money is not its only driving force. In an interview for the newspaper The Parisianone of the two founding fathers of Epsilon explains that they “did not [….] no real goal. Basically we do this for fame (to make ourselves known) and we like to hit everything we find “.
He also admits that the hacking of X.com’s account BFMTV had no other goal than notoriety. “ With BFM, we wanted to advertise our X account and for Epsilon “, he justifies himself.
For its part, Sport 2000 carried out the usual formalities, namely filing a complaint with the competent authorities and making a report to the security watchdog, the CNIL, which is drowning in notifications after a year 2023 marked by 90 million fines. If you are a Sport 2000 customer, the site indicates that you can contact customer service at this address: https://www.sport2000.fr/contact/.
Sources: Zataz, Sports 2000, The Parisian
2