Details of 800,000 Orange France users hacked, leaving customers at risk of phishing attacks
Orange has revealed that up to 800,000 of its French customers could be at risk of phishing attacks following a hacking attack on its user database.
French newspaper Le Figaro reports that the network provider originally came under attack on 16 January through the ‘My Account’ section of its Orange.fr website. Orange has not revealed exactly how the breach occurred, but confirmed the attack in an email to customers, saying that the affected page was closed as soon as the hack was detected and technical measures were immediately taken to stop the attack.
“We sincerely regret this incident. More than ever, the security of our customers’ data is a priority, and Orange is committed to protecting the data and privacy of our customers,” an Orange spokesperson told TechWeek Europe.
The attack was equivalent to three percent of Orange’s total French user base, and the company has already contacted the customers affected by the breach to reassure them no action is required and that it has established dedicated assistance for all of the concerned customers who may have questions about this issue.
User details compromised in the attack include names, email addresses, and phone numbers; however customer passwords were not accessed as they had been encrypted. This means that customers can expect to be targeted by phishing attacks looking to steal further data or personal information.
“Theft of this type of data mainly serve to feed ‘phishing’ activities, and we ask our customer to remain vigilant and to never provide personal data over email or click on links in email that may be untrustworthy,” an Orange spokesperson said.
Orange assured customers as recently as November that their details were secure with the company. In a presentation that month, Stéphane Richard, Orange CEO, told customers that protecting data was a “fundamental issue” for the company, which “will become increasingly sensitive” as more users shared their personal data.
“Because we are an operator in constant contact with our customers, we can provide the guarantee to protect personal data,” he said, signing a charter onstage to formalise the commitment.
Phishing attacks are becoming an increasingly more popular way for hackers to attack companies and gain data, as more and more people take to the internet for various services. The UK remains one of the most attractive targets for phishing, seeing a threefold jump in attacks on people and businesses based in the country in 2012, according to Kaspersky.
We have asked
Additional reporting from Phlippe Guerrier, IT Espresso France.
What do you know about Internet security? Find out with our quiz!