A hacker has just put up for sale a database containing the personal information of 39 million French people. The offer appeared on the dark web and on certain forums dedicated to hacking. It contains the names, first names, postal addresses, telephone numbers and e-mail addresses of the victims. With this data, a seasoned hacker can mount an effective phishing campaign.
According to an investigation carried out by Damien Bancal, computer security expert for the Zataz blog, a hacker has put up for sale a database containing information on 39 million French people. The file has been sold on dark web platforms and forums accessible on the clear web.
To convince interested buyers of his claims, the hacker offers a free sample of 100,000 entries. In order to learn more about the data collected, the cybersecurity expert posed as a potential buyer and obtained the free sample from the seller.
These sensitive data endanger the 39 million French people concerned
The sample covers residents from all over France. “I saw people from Marseilles there, like Tahitians, Lyonnais, Parisians or even inhabitants of more modest towns like Gerzat, Ussel or Le Bourget”, explains Damien Bancal. It is not known where the hacker got all this data. Zataz’s report notes a recurring term in the database: Real Money. It is a common expression in the fields of investment, online gambling (casino) or cryptocurrencies.
For Damien Bancal, “There is a good chance that this pirate trader has aggregated several sources”. Certain techniques popular with hackers, such as scraping, make it possible to extract public data available on the Internet across multiple sites.
These data are far from trivial. Exploited by a hacker, they can be used to build effective phishing campaigns. The most seasoned cybercriminals rely on this kind of data to tailor their phishing emails or SMS messages, and thus lower victims’ guard.
In addition, the data could be used to carry out a brute-force attack. Using dedicated software, the hacker will test all the combinations in order to guess your password within a few hours. Sometimes all it takes is an e-mail address to put your security at risk.
Source: Zataz