Caf confirms that four accounts were compromised by “password hacking” and not a security breach on its website.
:quality(50)/2023/07/07/64a7df4c5fe71_placeholder-36b69ec8.png)
Published
Reading time: 1 min
:quality(50)/2024/02/14/maxstockworld445721-65cc79d1e4659462022488.jpg)
The hacker group LulzSec claims on X (formerly Twitter) to have hacked hundreds of thousands of Family Allowance Fund accounts. “600 000 accounts”, the collective clarified on Monday on social networks, then broadcasting screenshots of four hacked accounts. The CAF does not confirm the compromise of these hundreds of thousands of accounts, but assures that four accounts were indeed consulted without their knowledge.
This hack comes a few days after a cyberattack against third-party payment operators Viamedis and Almerys, and the data leak of more than 33 million French people. In the case of the attack targeting the CAF, the information is particularly sensitive: we find in particular the name of the beneficiaries, their family situation, their address, their telephone number, as well as the amount and date of the last payment received by the Family allowance.
No impact on procedures or payments
CAF confirms in a press release the “violation of data of four beneficiaries”. The organization assures that after “verifications, no security vulnerabilities were detected” on his site. As a precaution, for several hours on Monday, the “My Account” space on caf.fr was still closed, before reopening on Tuesday morning. The site was also closed between 11:30 p.m. Tuesday and 6 a.m. this Wednesday for “strengthen password security”.
According to CAF, access to these four accounts was done without forcing the website system, but through the “password hacking”. “No action was taken on these four accounts, in particular aimed at capturing the benefits of the beneficiaries concerned, access to the RIB being not possible”adds the organization.
“A report to the CNIL (National Commission for Information Technology and Liberties) has been made and a complaint will be filed,” affirms CAF in its press release. The organization maintains that “this hacking attempt has no impact on procedures and payments” of its beneficiaries. However, it recommends that its users change their password.