Major breaches take place all the time, and many go undetected and unreported. The latest high-profile intrusion took place recently in France, with an estimated 800,000 customers falling victim to a privacy breach and possible identity theft. The mobile giant has notified the victims and apologized for the incident.
Around 3% of Orange.fr customers were hit by the massive exploit. The company did not elaborate on how the intrusion was carried out. The breach was possibly commercially motivated, and the French cybercrime division is looking into the incident.
Orange.fr claims that despite the theft of names, emails, phone numbers and other private data, no passwords were compromised. The breach also led Orange.fr to shut down the “My Accounts” section of its website for a while.
The immediate danger once such information has been harvested is phishing. Fake emails, some looking authentic and reliable, are sent to the victims. The victims are then led into filling in bogus forms or clicking on malicious links that eventually lead to even more exploitation. Once the victim’s computer is “seized”, a variety of things can happen.
In the common case, the malware that infects the system turns the computer into a “bot” or sends extracted information to remote servers. These incidents are sometimes hard to detect and can go on for years without the victim’s knowledge. In more serious cases, the computer's data can be manipulated or even wiped completely.
Despite the claims that passwords were not compromised, Orange.fr customers and all mobile users worldwide should change their login details frequently. More importantly, the personal answers used for password retrieval must be kept complex and hard to guess. Also, suspicious-looking emails and text messages from unknown sources should never be opened.
This is also a huge wake-up call for telecommunication CISOs and security managers. Large databases have many vulnerabilities. SAST and Pen Testing solutions are very helpful, but Source Code Analysis is the most effective of the bunch. With SCA, it’s possible to locate loopholes fast and also find the most effective spots to fix the code.
Source – Orange.fr Hacking