- A database stolen in a 2024 ransomware -attacks offered for free
- It was gripped from the French retail company Boulanger Electroménager & Multimédia.
- It affects at least one million people
Sensitive customer information stolen from a French electronics store in 2024 has now emerged online and is offered free of charge, according to cybersecurity -scientists Security detectivesAn analyzed a sample of the data, confirmed its authenticity and traced its source.
The researchers said they recently discovered a forum thread at Clearweb, offering a database that allegedly belonged to Boulanger Electroménager & Multimédia, a French retail company founded in 1954, specialized in household appliances and multimedia products offering a wide range of goods through its extensive networks of stores and online platforms.
The mail contained two links, one to an undeveloped and one for a clear data set. The former contained a 16 GB .json file with more than 27 million records, while the latter contained a 500 MB .CSV file with five million records.
A million rows
Security detectives reviewed the data and found that the clean data set contains just over a million rows where a customer takes a row.
“Although it is still a significant number of customers, it is far less than the 5 million claimed by the author of the post,” they said.
The archive contains lots of sensitive information that can be used for very compelling phishing attacks, identity theft, thread fraud and more. It includes people’s full names, postal addresses, e -mail addresses and phone numbers.
Further analysis confirmed that the data was stolen in 2024 when the company suffered a ransomware attack with a number of other retailers:
“Back in September 2024, Boulanger was one of the goals of a ransomware attack that also affected other retailers, such as Truffaut and Cultura,” explained security detectives.
“A threat writer with the nickname” Horrormar44 “assumed responsibility for the violation.” The data was originally sold online for € 2,000, but it is unclear whether anyone bought them or not.
