- A stolen database is offered in a 2024 ransomware attack for free
- He was caught from the French retail company Boulanger Electromenager & Multimédia.
- It affects at least one million people
The confidential information of the stolen client of a French electronics store in 2024 has now appeared online and is offered free of charge, according to cyber security researchers Security detectivesWho analyzed a sample of the data, confirmed its authenticity and tracked its source.
The researchers said they recently discovered a thread of the forum, in Clearweb, which offers a database that supposedly belongs to Boulanger Electromenager & Multimédia, a French retail company founded in 1954 specialized in appliances and multimedia products, which offers a wide range of elements through its wide network of stores and online platform.
The publication contained two links, one to one non -matched and another to a clear data set. The first contained a 16 GB. JSON file with more than 27 million records, while the second contained a 500 MB .CSV file with five million records.
One million rows
Security detectives reviewed the data and discovered that the Clean data set contains just over one million rows, with a customer who occupies a row.
“While that is still a considerable number of customers, it is much smaller than the 5 million claimed by the author of The Post,” they said.
The file contains a lot of confidential information that can be used in highly convincing phishing attacks, identity theft, wire fraud and more. It includes the complete names of people, postal addresses, email addresses and telephone numbers.
A subsequent analysis confirmed that the data were stolen in 2024, when the company suffered a ransomware attack, along with several other retailers:
“In September 2024, Boulanger was one of the objectives of a ransomware attack that also affected other retailers, such as Truffaut and Culture,” security detectives explained.
“An author of threat to the nickname” Horrormar44 “The responsibility of violation was attributed.” Initially, the data were sold online for € 2,000, but it is not clear if someone bought it or not.
