Major hacks take place all the time, with many going undetected and unreported. The latest high-profile intrusion took place recently in France, with an estimated 800,000 customers falling victim to privacy and identity theft. The mobile giant has notified the victims and apologized for the incident.
Around 3% of Orange.fr customers were hit by the massive breach. The company did not elaborate on how the intrusion was performed. The breach was possibly commercially motivated, and the French cybercrime division is looking into the unfortunate incident.
Orange.fr claims that despite the theft of names, emails, phone numbers and other private data, no passwords were compromised. The intrusion also led Orange.fr to shut down the “My Accounts” section of its website for a while.
The immediate danger after such information is harvested is phishing. Fake emails, some looking authentic and reliable, are sent to the victims. They are then led into filling in bogus forms or clicking on malicious links that eventually lead to even more exploitation. Once the victim’s computer is “seized”, a variety of things can happen.
In common scenarios, the malware that contaminates the system turns the computer into a “bot” or sends extracted information to remote servers. These incidents are sometimes hard to detect and can go on for years without the victim’s knowledge. In more serious cases, the computer's data can be manipulated or even wiped completely.
Despite the claims that passwords were not compromised, Orange.fr customers and all mobile users worldwide should change their login details frequently. More importantly, the personal answers for password retrieval must be kept complex and hard to guess. Also, suspicious-looking emails and text messages from unknown sources should never be opened.
This is also a huge wake-up call for telecommunication CISOs and security managers. The vulnerabilities in large databases are many. SAST and Pen Testing solutions are very helpful, but Source Code Analysis is the most effective of the bunch. With SCA, it’s possible to locate loopholes fast and also find the most effective spots to fix the code.
Source – Orange.fr Hacking