Data leak: EDF denies computer hacking that would have affected more than 6 million customers

The Prime Energies site has not responded for several hours, a collateral victim of a grotesque cyber attack. Except that we are far from the breakdown of the century – 6.3 million customers concerned – claimed on a hacker forum and spotted by a cybersecurity researcher and whistleblower.

“We have identified a hundred abnormal connections on the site, but no infiltration of our IT systems,” deserves EDF. “So we have no element that lets us believe in a massive leak, but rather the reuse of other data leaks with passwords and emails or identifiers”, points out the public enterprise.

Cybercriminals have used the technique of “Credential stuffing”, literally the drilling of identifiers, to open the doors of a few hundred customer spaces of this EDF service. These attackers recycled the loot of previous operations to try combinations of email and passwords on different sites or information systems. They have recovered personal data in order to resell it on the black Darknet market.

 

After an lull during the Olympic Games in Paris 2024, the phenomenon of data flights has taken other proportions since the start of the school year with the resounding leaks and well exploited this time of Free, Auchan or Picard.

Considered a operator of vital importance (OIV) and therefore monitored like milk on fire by the ANSSI, the EDF group has solid cybersecurity protocols. The energy supplier invites its customers to renew their passwords and maintain the Prime Energy closed site for the time to conduct an in -depth investigation.

By Editor

Leave a Reply