Orange has hack deja vu: 1.3 million customer details exposed

Orange has hack deja vu: 1.3 million customer details exposed

Summary: More than one million Orange customers face an increased risk of phishing attacks after hackers broke into a marketing platform.

SHARE:
TOPICS: Security, Telcos, EU
1

Just three months after hackers stole 800,000 Orange customers' details, the French carrier says it's been hacked again. This time, the details of 1.3 million customers in France were exposed.

Orange France is again warning its French customers to beware of phishing attempts following a hack discovered on 18 April. The security breach exposed customers' and prospects' first names, surnames, and in some cases, their email address, mobile and fixed-line phone numbers, date of birth, and the mobile carrier they were using.

French newspaper Le Monde reported that Orange delayed its public notification of the breach until 5 May in order to properly close the flaw exploited in the latest attack.

In a statement to ZDNet, Orange said it had identified "illegitimate access on a technical mailing and SMS platform" that the company uses for its commercial campaigns in France. The company declined to provide further information on how the attack was carried out, on the grounds that it's taking legal action on the matter.

Reuters reported that the attack was aimed at an "online portal" the carrier used.

In February, hackers exploited a flaw in the 'My account' section of the orange.fr website, allowing them to access the personal details of around 800,000 people. A possible method of attack was SQL injection, which are commonly used to trigger a database dump to an attacker.

While Orange did not provide any details on the nature of the earlier attack, it did say it didn't involve the same method used in this month's hack.

"I can confirm that this is completely different than the hack in February — and in both cases we have taken the appropriate action to ensure there is no further risk of access via the methods used," an Orange spokesman said.

According to Le Monde, after the most recent hack Orange sent its customers an email that warned them of increased phishing threats, which included a link to a "click to call back" feature that requests an Orange operator call the customer back within 48 hours.

The general advice for consumers is to not to click on suspicious looking links in email. Indeed, that's Orange's advice to its French customers.

Read more on Orange

Topics: Security, Telcos, EU

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Orange sent its customers an email that warned them of increased phishing

    threats, which included a link to a "click to call back" "The general advice for consumers is to not to click on suspicious looking links in email."

    Wow! Talk about dropping the ball!

    TW
    T-Wrench