Orange Group confirms breach after hacker leaks company documents

[Nytro]

Orange Group confirms breach after hacker leaks company documents

By Ionut Ilascu

 

• February 25, 2025

A hacker claims to have stolen thousands of internal documents with user records and employee data after breaching the systems of Orange Group, a leading French telecommunications operator and digital service provider.

The threat actor published on a hacker forum details about the stolen data after trying to extort the company unsuccessfully.

Orange confirmed the breach to BleepingComputer saying that it occurred on a non-critical application. The company intiated an investigation and is working to minimize the impact of the incident.

According to the threat actor, who uses the alias Rey and is a member of the HellCat ransomware group, the stolen data is mostly from the Romanian branch of the company and includes 380,000 unique email addresses, source code, invoices, contracts, customer and employee information.

Orange data leak posted on a hacker forum

Rey told BleepingComputer that the breach was not a HellCat ransomware operation and that they had access to Orange’s systems for over a month.

On Sunday morning, they started exfiltrating company data and the activity ran for about three hours without the company detecting it.

Some samples shared with BleepingComputer show email addresses from former and current Orange Romania employees, partners, and contractors, along with partial details for payment cards belonging to Romanian customers.

Some of the data we verfied was quite old. For instance, some of the email addresses were used by individuals that had worked or collaborated with Orange Romania more than five years ago.

In the sample with partial payment card information, we found many instances where the data had expired. The leak also contains email addresses and names of Yoxo customers, Orange's subscription service with no contract period.

Rey says that they stole almost 12,000 files totaling close to 6.5GB after compromising Orange’s systems by exploiting compromised credentials, and vulnerabilities in the company’s Jira software for bug/issue tracking, and internal portals.

Files and size for data stolen from Orange telco operator
source: Rey 

The threat actor told us they dropped a ransom note on the compromised system but Orange did not initiate negotiations.

BleepingComputer reached out to both Orange Group and Orange Romania with a request for comment and the company said they were looking into the matter.

A joint statement was shared and an Orange spokesperson told us that they've been discussing internally on the incident and the steps to mitigate it.

"Orange can confirm that our operations in Romania have been the target of a cyberattack," a company representative told BleepingComputer.

"We took immediate action, and our top priority remains protecting the data and interests of our employees, customers and partners. There has been no impact on customers’ operations, and the breach was found to occur on a non-critical back office application" - Orange

The company representative said their "cybersecurity and IT teams are working hard to assess the extent of the breach and minimize the impact of this incident."

“We are committed to providing regular updates. Additionally, we are committed to complying with all legal obligations associated with such incidents and we are cooperating with the relevant authorities to address this matter,” reads the rest of the statement.

Rey told us they breached Orange independently but they are part of the HellCat ransomware group, which has claimed attacks on Schneider Electric and Spanish telecommunications company Telefónica.

In both breaches, the hackers targeted Jira servers and scraped or stole 40GB of data and 2.5GB of documents respectively.

 

Sursa: https://www.bleepingcomputer.com/news/security/orange-group-confirms-breach-after-hacker-leaks-company-documents/

 

[gentilogroup]

Nu a reusit sa ne dea si noua cateva coduri de reincarcare…ca e grele viata. Se pare ca orange o sa isi deschida campanie noua, ‘impreuna pentru datele tale’

[14pe]

Chiar ma bucur, companiile de telecomunicatii sunt prea imbarligate si varza. Vodafone next ?

Astept sa vina Starlink cu telefonie mobila si fac mutarea, de-abia astept sa scap de fosilele astea care au monopol pe piata si ofera servicii de cacao.

 

In telecomunicatii un Senior Security Engineer ia intre 12000 si 15000 de lei maxim, pe langa low-ball-ul asta nesimtit mai ai si patru manageri deasupra, mai trebuie sa lucrezi si cu toate borataniile de toate natiile. 

 

Mergeti de curiozitate la orice Orange Shop si spuneti-le ca vreti sa portati o cartela PrePaid (dati numarul unui prieten) si ca aveti nevoie de seria de la cartela. Cu seria de la cartela va duceti la Vodafone si faceti cerere de portare, oare ce se intampla dupa?

 

//Later edit, se pare ca si-a luat un fraier de la ei stealer, au ajuns baietii in Jira si de acolo a fost poveste, la mai multe.

Edited yesterday at 11:56 AM by 14pe