Orange Group Hacked - User Data Stolen

A hacker claims to have stolen thousands of internal documents with user records and employee data after breaching the Romanian systems of Orange Group, a leading French telecom service. 

The alleged breach includes source code, internal invoices, client contracts, project blueprints, and user data, raising concerns about operational security and customer privacy.

The hacker, known as 'Rey' is a member of the HellCat ransomware group. After failing to extort the company, Rey publicly posted details about the stolen data on a hacker forum after trying to extort the company unsuccessfully.

  • Source code repositories for customer management systems and network infrastructure tools were reportedly exposed, potentially compromising proprietary technology.
  • Financial documents, such as invoices and service agreements with enterprise clients, were also included in the dump, which could reveal contractual terms and pricing structures.
  • Furthermore, Rey has claimed  that 380,000 email addresses linked to Orange’s consumer and business accounts were extracted, though password hashes or payment details were not specifically mentioned.

Independent audits indicate that the leak following a lengthy period without a major security update to Orange’s employee authentication portals. Although hypothetical, there have been suggestions that the breach resulted from a combination of phishing attacks and exploitation of unpatched vulnerabilities in Orange’s cloud storage systems,

Cyber security experts say that exposed email addresses could fuel targeted phishing campaigns or credential-stuffing attacks across other platforms. 

Orange Communication issued a brief statement acknowledging “irregularities in its data logs” but stopped short of confirming the breach. The company emphasised that its core networks remain secure and urged customers to enable two-factor authentication as a precaution.

Regulatory bodies in the European Union have made their own preliminary inquiries to explore the possibility of a violations of the General Data Protection regulation (GDPR).

Orange   |    Bleeping Computer     |    Tech Radar   |   GB Hackers   |   Cybersecurity News  |   Techzine     |

The 420

Image:  @orange

You Might Also Read:

Salt Typhoon Exploited Cisco Vulnerabilities:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Russian Hackers Penetrate Ukrainian Signal Accounts
Obsolete: Skype To Shut Down »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Radisys

Radisys

Radisys offers software, products, integrated systems, and professional services for communication service providers and telecom solution vendors.

Plixer

Plixer

Plixer delivers a network traffic analytics system used for monitoring, visualization, and reporting of network and security incidents.

Government Communications Security Bureau (GCSB) - New Zealand

Government Communications Security Bureau (GCSB) - New Zealand

GCSB contributes to New Zealand’s national security by providing information assurance and cyber security to the New Zealand Government and critical infrastructure organisations.

ATIA

ATIA

ATIA provides consulting services in the design and implementation of IT system, Information Security, ISO certification, and professional IT training and education.

36 Group

36 Group

36 Group's criminal law team, has the experience and specialist knowledge to conduct effectively trials heavily concerned with the growing phenomenon of Cybercrime.

Research Institute in Verified Trustworthy Software Systems (VeTSS)

Research Institute in Verified Trustworthy Software Systems (VeTSS)

The main purpose of VeTSS is to support program analysis, testing and verification, to achieve guarantees of software correctness, safety, and security.

ISTC Foundation

ISTC Foundation

ISTC Foundation is one of the leading innovation centers in Armenia, founded by joint initiative of IBM, USAID, Armenian Government and Enterprise Incubator Foundation.

Stratia Cyber

Stratia Cyber

Stratia Cyber is an independent, technology agnostic company providing high quality, pragmatic cyber security consultancy and expertise.

Allentis

Allentis

Allentis provide adapted solutions to ensure the security and performance of your information system.

SecAlliance

SecAlliance

SecAlliance is a cyber threat intelligence product and services company.

NetApp

NetApp

The NetApp portfolio includes intelligent cloud services, data services, and storage infrastructure that helps organizations manage applications and data everywhere across hybrid cloud environments.

ANY.RUN

ANY.RUN

ANY.RUN is an interactive online malware analysis service created for dynamic as well as static research of multiple types of cyber threats.

CYBRI

CYBRI

CYBRI is a cybersecurity company helping businesses detect and remediate mission-critical vulnerabilities before they get exploited by hackers.

NVISO Security

NVISO Security

NVISO is a pure-play cyber security consulting firm, focused mainly on the Financial Sector, the Technology Sector, and Government & Critical Infrastructure.

Pixee

Pixee

Pixee fixes vulnerabilities, hardens code, squashes bugs, and gives engineers more time to focus on the work that counts.

Novera

Novera

Novera offer security assessment and advisory services to help businesses manage risks from AI, cyber and privacy.