- A stolen database in a ransomware attack in 2024 is offered for free
- It was caught from the French retail company Boulanger Electroménager & Multimedia.
- This affects at least one million people
According to cybersecurity researchers, sensitive information from stolen customers in a French electronics store in 2024 have now appeared online and is offered free of charge, according to cybersecurity researchers Security detectivesWho analyzed a sample of the data, confirmed its authenticity and traced its source.
Researchers said they recently discovered a forum thread on the Clearweb, offering a database, allegedly belonging to the Electromeager & Multimedia baker, a French retail company founded in 1954 specializing in household appliances and multimedia products, offering a wide range of articles thanks to its large network of stores and online platform.
The message contained two links, one to one united set and one to a clear data set. The first contained a 16 GB .json file with more than 27 million records, while the second contained a 500 MB .csv file with five million records.
One million rows
Security detectives have examined the data and found that the clean data set contains a little more than a million lines, a customer occupying a line.
“Although it is still a considerable number of customers, it is much smaller than the 5 million people claimed by the author of The Post,” they said.
The archive contains many sensitive information that can be used in very convincing phishing attacks, identity theft, wire fraud, etc. It includes the full names of people, postal addresses, email addresses and telephone numbers.
A more in -depth analysis confirmed that the data had been stolen in 2024, when the company underwent a ransomware attack, as well as a number of other retailers:
“In September 2024, Boulanger was one of the targets of a ransomware attack which also affected other retailers, such as Truffaut and Cultura,” said security detectives.
“A threat author of the nickname” horrormar44 “claimed the responsibility of the violation.” The data was initially sold online for € 2,000, but we do not know if someone bought it or not.
