Major electronics store sees millions of user records allegedly leaked online
- A database stolen in a 2024 ransomware attack is being offered for free
- It was grabbed from the French retail company Boulanger Electroménager & Multimédia.
- It affects at least a million people
Sensitive customer information stolen from a French electronics shop in 2024 has now surfaced online and is being offered for free, according to cybersecurity researchers Safety Detectives, who analyzed a sample of the data, confirmed its authenticity, and traced its source.
The researchers said that they recently discovered a forum thread, on the clearweb, offering a database allegedly belonging to Boulanger Electroménager & Multimédia, a French retail company founded in 1954 specializing in household appliances and multimedia products, offering a wide range of items through its extensive network of stores and online platform.
The post contained two links, one to an unparsed, and one to a clear dataset. The former contained a 16GB .JSON file with more than 27 million records, while the latter contained a 500MB .CSV file with five million records.
A million rows
Safety Detectives reviewed the data and found that the clean dataset contains just over a million rows, with one customer taking up one row.
“While that’s still a considerable number of customers, it’s far smaller than the 5 million claimed by the author of the post,” they said.
The archive contains plenty of sensitive information that can be used in highly convincing phishing attacks, identity theft, wire fraud, and more. It includes people’s full names, postal addresses, email addresses, and phone numbers.
Further analysis confirmed that the data was stolen in 2024, when the company suffered a ransomware attack, together with a number of other retailers:
“Back in September 2024, Boulanger was one of the targets of a ransomware attack that also affected other retailers, such as Truffaut and Cultura,” Safety Detectives explained.
“A threat author with the nickname “horrormar44” claimed responsibility for the breach.” The data was initially being sold online for €2,000, but it’s unclear if anyone bought it or not.
You might also like
A database stolen in a 2024 ransomware attack is being offered for free It was grabbed from the French retail company Boulanger Electroménager & Multimédia. It affects at least a million people Sensitive customer information stolen from a French electronics shop in 2024 has now surfaced online and is being…
