Security breach exposes personal data of 800,000 Orange users
2014 is not proving to be a very good year for security -- and it is not just down to the Syrian Electronic Army. Hundreds of thousands of Orange customers in France have had their personal details exposed after hackers managed to procure a mass of unencrypted data from the My Account section of the orange.fr website.
The attack was carried out on 16 January, but details are only coming to light some two weeks after the security breach.
Orange France says that less than 3 percent of its customers were affected, but this still amounts to some 800,000 people. Hackers were able to gain access to unprotected data including names, addresses, phone numbers and other account details, although Orange insists that passwords remain safe and the integrity of accounts has not been compromised. The company recognizes that the information gathered by hackers could be used to launch a large-scale phishing attack and it has directed customers to a support page explaining how to avoid falling victim.
Customers received an email from Orange France on 23 January providing a warning to be wary of phishing attacks, but no reference was made to the data breach. A subsequent email revealed some details about what had actually happened, and speaking to PCInpact, Laurent Benatar, technical director of Orange France said that sensitive information such as bank account details were obscured and therefore unusable.
As yet there are no reports of any phishing attacks having been launched on customers, but this in itself will do little to reassure customers. Many will be asking questions such as why data was stored in an unencrypted state, and why customers were not alerted sooner.