All beneficiaries will have to change their password after “several thousand accounts” were compromised

The National Family Allowance Fund denies any hacking. According to the organization, the passwords were “stolen” and made available on the dark web.

A sign of the Family Allowance Fund, in Auch (Gers), January 2, 2024. (JEAN-MARC BARRERE / HANS LUCAS / AFP)

The diagnosis has worsened. After announcing that only four accounts of family allowance beneficiaries had been compromised by hackers, the National Family Allowance Fund (Cnaf) finally detected that “several thousand accounts were visited illegitimately”, according to a press release dated Friday, February 23. All beneficiaries will therefore have to change their password in the coming days.

A group of hackers claimed on February 12 to have hacked more than 600,000 CAF beneficiary accounts. The organization denied any security breach, but specified that “the investigations [were] in progress”. On Friday, the National Family Allowance Fund was finally able to confirm that “a data breach has been confirmed” and “malicious people have connected to beneficiary accounts”.

The organization still denies any hacking of the site: according to Cnaf, the passwords of beneficiaries were previously “stolen and ‘made available’ on the ‘darkweb’”. Such data theft does not require an intrusion into the platform: the credentials can be harvested through a fraudulent email or SMS campaign, for example.

Mandatory password change

The main risk of these “visits”, the misappropriation of benefits, should be limited, according to the National Family Allowance Fund. “Malicious people cannot access bank details, but could try to modify them”, the organization points out, noting however that their modification “is subject to security checks” and that “in case of doubt, the process is validated by a benefit advisor before the change is effective”.

“Each beneficiary whose account is certified to have been visited is contacted and their password reset”, adds Cnaf. The institution also gives assurances that “the level of password security for new accounts has been strengthened” and will require all beneficiaries who want to log in after March 8 to change their password.

The organization gives several tips for a secure password: “different for each site”, “complex” with “more than 10 characters and at least one number, one lowercase and one uppercase” and “communicated to no one, not even to CAF”. “A complaint was filed and a report to the CNIL made, the investigation is ongoing”, it specifies.

