An attacker posted a list of more than 1,500 Orange Cyberdefense customers on a Dark Web forum, stating that it was possible to buy server access.
According to the Zataz site, this list contains 1,584 customers of Orange Cyberdefense, the Orange entity specializing in cybersecurity, and reportedly includes information on town halls, hospitals, media, etc. Each entry comes with contact details: telephone number, e-mail address and identity (probably that of the IT manager). These would in fact be customers who have subscribed to the “Micro-SOC Endpoint” offer from Orange Cyberdefense, an endpoint protection tool. On the official website, the solution is described this way: “The managed workstation and server detection and protection solution for organizations and businesses of all sizes”.
What is particularly worrying is the fact that server access is currently for sale. What servers are these? Those of Orange Cyberdefense? Those of customers? In either case, if these accesses are functional, it is very bad news.
For its part, Orange Cyberdefense reacted, and here is the statement obtained by the site Le Monde Informatique: “Orange Cyberdéfense confirms the publication on a specialized forum of a file containing personal data relating to a few hundred French customers of the Micro-SOC service. All the teams are fully mobilized. Investigations are underway and all necessary measures have been taken to notify the customers concerned as well as the authorities. At this stage we have no further comments.” What is surprising is that the hacker mentions a list of 1,584 customers, while Orange Cyberdefense speaks of a few hundred customers.
The origin of this data leak remains to be identified: is it a hack? A mistake by an intern or a former employee? The investigation may reveal more…