Horror404x/horrormar44. This is the name of the cyberhacker who claimed responsibility, completely uninhibited, for the massive data hacks that have just taken place at Boulanger, Cultura, Truffaut and now Grobill. 20 Minutes reminds you of the facts… and warns you of their consequences.
Millions of customer records compromised
On the night of September 6 to 7, 2024, the cultural products chain Cultura had the data of 2.6 million customers hacked: name, first name, address mailpostal address, date of birth, telephone number and details of products purchased. Password data “is not compromised,” reassures Cultura on Tuesday 10.
Still on the night of the 6th to the 7th, the tech and household appliance specialist Boulanger also suffered a full-scale robbery by Horror404x/horrormar44, this time with 27 million accounts taken over. Bingo! And now the gardening chain Truffaut is also being siphoned off “personal data relating to orders placed on truffaut.com”: name, first name, address maildelivery address. Here again, the banking data of 277,000 accounts concerned have not, or would not have been, stolen. Whose turn is it?
Grosbill, the specialist in high-tech equipment! As we were writing these lines, on Thursday, September 12, the firm sent us a mail (received at 4:27 p.m.), indicating that a “recent intrusion attempt targeted part of the company’s computer systems.” It’s a massacre in the retail French !
“These laconic and catastrophic press releases really drive me crazy, no, no!” protests Clément Domingo, aka SaxX, the “nice hacker” whose LinkedIn account is followed by more than 35,000 subscribers.
Negotiations on Telegram
The cause of these repeated data thefts? The same IT service provider was targeted. The ANSSI (National Agency for the Security of Information Systems) confirmed that “interdependencies between IT players are a reality.” The problems have been contained according to the brands, which have warned their customers, as required by law. But the damage is done.
The stolen data is already for sale on BreachForums. This is a well-known space in the cybercrime community. Horror404x/horrormar44 invites potential buyers to negotiate discreetly on the encrypted messaging service Telegram! “I had access to him directly. I burned an account, it’s not serious. But I spoke to him pretending to be a buyer. He had not yet sold Boulanger’s initial database. 404x/horrormar44 must have between 35 and 45 million pieces of information,” SaxX tells 20 Minutes.
Relaxation after the Olympics
“We see that the trend is towards an acceleration of this type of attack. The Olympic period had caused a lot of fear, with company security teams on edge. A probably lesser vigilance at present could be one of the causes of these repeated attacks,” believes Séven Lemesle, CEO of WeScale. Were Boulanger, Cultura, Truffaut and Grobill poorly protected? For Séven Lemesle, who helps companies achieve their digital transformation (his clients include the Ministry of the Interior, BPI and Saint-Gobain), “that would be jumping the gun”, because according to him, “zero risk does not exist”. “It is also possible that these are application tools that have suffered a breach”, he explains.
At least two other companies will follow
“These are not classic cyber attacks, around the ransomwarewith ransom demands on companies by paralyzing a system. We are here on another form of cybercrime, a call cybercrime where we will hack the brands and then resell the data”, decrypts Clément Domingo, alias SaxX. “In the coming days, the scenario will repeat itself. I know the names of at least two other companies concerned”, assures “the nice hacker” who mentions a total of seven to eight national brands that have been hacked…
Today, the question of how to prepare these companies for these intrusions into their systems is more pressing than ever. “We prioritize with our clients the identification of risks, the classification of their data, the training of personnel and regular auditing,” explains Séven Lemesle, CEO of WeScale. Who notes as an underlying trend that “security teams are becoming more and more powerful.”
Will we not see anything?
What will happen in the coming weeks for Boulanger, Cultura, Truffaut and GrosBill customers? First of all, you should know that their data will have been resold for a pittance. Boulanger’s data had been put at a price of 2,000 euros! But if our data is not worth much, it can bring in a lot of money… Because then, a watchword: “beware!”, proclaims SaxX.
According to him, very spread out and extremely targeted campaigns will appear with, in the hackers’ sights, massive attempts to collect banking data in regions, from a type of population and even certain cities in particular. “If you receive an email from Boulanger or Cultura inviting you to update your banking details”, refrain from responding at all costs, adds the WeScale boss! The fact remains, as SaxX notes, that “when it’s done well, people don’t notice anything”. Especially, according to him, with the next French Days, hackers will have an ideal window of opportunity.
No inevitability, according to the kind hacker SaxX
An inevitability? “I don’t agree at all! The problem is that in France, no one cares!” protests Clément Domingo. For “the nice hacker”, the ANSSI (the National Agency for Information Systems Security) and the CNIL (National Commission for Information Technology and Liberties) are overwhelmed. And the ministers or ministers delegated to digital are not willing or effective enough.
After Jean-Noël Barrot, Minister Delegate for Digital Affairs (from 2022 to 2024), it was a “simple” Secretary of State who then took charge of these sensitive issues (Marina Ferrari, from February to September 2024). “We have gone downhill, we can see the government’s lack of interest in data protection,” complains Clément Domingo. Who is appealing to Michel Barnier, the new Prime Minister. And is campaigning for greater and much better public awareness and education on these issues. Otherwise, history will continue to repeat itself.