Warning: Illegal string offset 'filter' in /home/crypton1/public_html/mobilesecuritythreat.com/wp-includes/taxonomy.php on line 1409
The French phone company Orange has been the victim of a hack that risks the personal information of 1.3 million customers. That’s 1.3 million people’s names, phone numbers, e-mails, dates of birth, and more accessed by cyber criminals. Perhaps most shocking is the fact that this hasn’t happened once– but twice this year. Orange was aware of the breach on April 18th, but waited until May to inform the customer base; and to make sure that the security failures used by the hackers were cleared up and fixed.
The first security breach was announced to the public in early February. In this attack, the hackers were able to access the “My Account” section of over 800,000 Orange customers in order to lift information.
Now, things like e-mails and phone numbers aren’t as sensitive as other types of information that could have been taken (such as credit card numbers and payment information– yikes!), but this type of information can still be used to harm the people it has been stolen from. This type of data can be sold on the underground market, and it can be used to orchestrate precision targeted phishing attacks. The stolen data can make it much easier for hackers to fake e-mails, making them appear as though they have come from the officials at Orange in order to mine even more sensitive information from the people whose data has been compromised.
Of course the telecommunication company says that security is one of its biggest concerns. For the CEO, Stéphane Richard, this must be especially embarrassing. Just last October, the company released a blog post about their dedication to information security. More than once, the CEO has made it clear that he has a very serious stance on this and yet as we can see, the holes were definitely there.
All of this news comes on the heels of other data breaches with some large U.S. companies as well, such as the mega retailer Target and Michael’s craft stores, begging the question: How can companies better foresee and patch up these holes in their defense before the cyber criminals find the holes for them?
Sources:Orange official blog-