Orange Group Hacked - User Data Stolen

Uploaded on 2025-03-04 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A hacker claims to have stolen thousands of internal documents with user records and employee data after breaching the Romanian systems of Orange Group, a leading French telecom service. 

The alleged breach includes source code, internal invoices, client contracts, project blueprints, and user data, raising concerns about operational security and customer privacy.

The hacker, known as 'Rey' is a member of the HellCat ransomware group. After failing to extort the company, Rey publicly posted details about the stolen data on a hacker forum after trying to extort the company unsuccessfully.

  • Source code repositories for customer management systems and network infrastructure tools were reportedly exposed, potentially compromising proprietary technology.
  • Financial documents, such as invoices and service agreements with enterprise clients, were also included in the dump, which could reveal contractual terms and pricing structures.
  • Furthermore, Rey has claimed  that 380,000 email addresses linked to Orange’s consumer and business accounts were extracted, though password hashes or payment details were not specifically mentioned.

Independent audits indicate that the leak following a lengthy period without a major security update to Orange’s employee authentication portals. Although hypothetical, there have been suggestions that the breach resulted from a combination of phishing attacks and exploitation of unpatched vulnerabilities in Orange’s cloud storage systems,

Cyber security experts say that exposed email addresses could fuel targeted phishing campaigns or credential-stuffing attacks across other platforms. 

Orange Communication issued a brief statement acknowledging “irregularities in its data logs” but stopped short of confirming the breach. The company emphasised that its core networks remain secure and urged customers to enable two-factor authentication as a precaution.

Regulatory bodies in the European Union have made their own preliminary inquiries to explore the possibility of a violations of the General Data Protection regulation (GDPR).

Orange   |    Bleeping Computer     |    Tech Radar   |   GB Hackers   |   Cybersecurity News  |   Techzine     |

The 420

Image:  @orange

You Might Also Read:

Salt Typhoon Exploited Cisco Vulnerabilities:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Russian Hackers Penetrate Ukrainian Signal Accounts
Obsolete: Skype To Shut Down »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

A10 Networks

A10 Networks

A10 Networks is a leader in application networking, helping organizations of all sizes to accelerate, optimize and secure their applications.

Lockton

Lockton

Lockton is the world’s largest privately owned insurance brokerage firm. Commercial services include Cyber Risk insurance.

Detack

Detack

Detack is an independent supplier of IT security auditing and consulting services.

CyberGreen Institute

CyberGreen Institute

The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.

oneclick

oneclick

oneclick is a central access and distribution platform in the cloud, enabling the management of the entire technology stack for application provisioning.

KT Secure

KT Secure

KTSecure’s mission is to provide proven and productive cyber security solutions and managed services, backed by our highly qualified and passionate team of experts.

KATIM

KATIM

KATIM is a leader in the development of innovative secure communication products and solutions for governments and businesses.

Avint

Avint

Avint delivers transformational cybersecurity solutions that help both commercial and government entities achieve mission success.

Global Market Innovators (GMI)

Global Market Innovators (GMI)

Global Market Innovators (GMI) delivers secure technology solutions to organizations in need.

Lab 1

Lab 1

Lab 1 turns criminal data breaches and attacks into insights. Get alerts of data breaches or ransomware attack incidents as they happen.

Prikus Tech

Prikus Tech

Prikus is a full-fledged Cyber Security Company helping organizations worldwide to manage cyber risks. We offer Risk & Compliance Services, Security Testing & Managed Security Services.

Orbis Cyber Security

Orbis Cyber Security

Orbis is one of the leading cybersecurity company in USA. Our cybersecurity specialist defends your data, combat threat, and modernize your compliance.

Methods

Methods

Methods is the leading digital transformation partner for the UK public sector. We care deeply about making our public services better and have been doing this for over 28 years.

Inveo Group

Inveo Group

Inveo group is the Italian leader for the management of privacy and data protection issues.

Xeliumtech Solutions

Xeliumtech Solutions

Xeliumtech Solutions are a Digital Transformation partner with quality offerings in Mobile App Development, Ecommerce, Devops, RPA, AI, IoT development, Cybersecurity and more.