Orange Group Hacked - User Data Stolen

Uploaded on 2025-03-04 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A hacker claims to have stolen thousands of internal documents with user records and employee data after breaching the Romanian systems of Orange Group, a leading French telecom service. 

The alleged breach includes source code, internal invoices, client contracts, project blueprints, and user data, raising concerns about operational security and customer privacy.

The hacker, known as 'Rey' is a member of the HellCat ransomware group. After failing to extort the company, Rey publicly posted details about the stolen data on a hacker forum after trying to extort the company unsuccessfully.

  • Source code repositories for customer management systems and network infrastructure tools were reportedly exposed, potentially compromising proprietary technology.
  • Financial documents, such as invoices and service agreements with enterprise clients, were also included in the dump, which could reveal contractual terms and pricing structures.
  • Furthermore, Rey has claimed  that 380,000 email addresses linked to Orange’s consumer and business accounts were extracted, though password hashes or payment details were not specifically mentioned.

Independent audits indicate that the leak following a lengthy period without a major security update to Orange’s employee authentication portals. Although hypothetical, there have been suggestions that the breach resulted from a combination of phishing attacks and exploitation of unpatched vulnerabilities in Orange’s cloud storage systems,

Cyber security experts say that exposed email addresses could fuel targeted phishing campaigns or credential-stuffing attacks across other platforms. 

Orange Communication issued a brief statement acknowledging “irregularities in its data logs” but stopped short of confirming the breach. The company emphasised that its core networks remain secure and urged customers to enable two-factor authentication as a precaution.

Regulatory bodies in the European Union have made their own preliminary inquiries to explore the possibility of a violations of the General Data Protection regulation (GDPR).

Orange   |    Bleeping Computer     |    Tech Radar   |   GB Hackers   |   Cybersecurity News  |   Techzine     |

The 420

Image:  @orange

You Might Also Read:

Salt Typhoon Exploited Cisco Vulnerabilities:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Russian Hackers Penetrate Ukrainian Signal Accounts
Obsolete: Skype To Shut Down »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Uniken

Uniken

Uniken REL-ID is a safe, simple, and scalable security platform that tightly integrates your identity, authentication, and channel security.

KnowBe4

KnowBe4

KnowBe4 is an integrated platform for security awareness training combined with simulated phishing attacks.

AVG Technologies

AVG Technologies

AVG is focused on providing home and business computer users with the most comprehensive and proactive protection against computer security threats.

DocAuthority

DocAuthority

DocAuthority automatically discovers and accurately identifies unprotected, sensitive documents, enabling a broad yet business-friendly security policy.

Sliced Tech

Sliced Tech

Sliced Tech provides enterprise grade managed Cloud services, including Security-as-a-Services, aimed at meeting the needs of commercial and government clients from within Australia.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

Sergeant Laboratories

Sergeant Laboratories

Sergeant Laboratories builds advanced technologies to prove compliance in complex IT security and regulatory compliance situations.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

Blockchains LLC

Blockchains LLC

Blockchains is committed to changing the world for the better. Using blockchain and other innovative technologies, we’ll build new systems, new security, and new interactions.

Cyber Pathways

Cyber Pathways

Cyber Pathways brings together the next generation of Cyber professionals along with delegates who are looking to cross train and enter the cyber market.

Stealth-ISS Group

Stealth-ISS Group

Stealth–ISS Group is your extended IT, cyber security, risk and compliance team, providing strategic guidance, engineering and audit services, along with technical remediation and security operations.

Oxford Internet Institute - University of Oxford

Oxford Internet Institute - University of Oxford

The Oxford Internet Institute is a multidisciplinary research and teaching department of the University of Oxford, dedicated to the social science of the Internet.

Prime Technology Services

Prime Technology Services

Prime Tech are a group of Red Hat, Microsoft & Cisco Certified IT Professionals with an impressive track record of consistently delivering value to our corporate clients.

Bluefin Payment Systems

Bluefin Payment Systems

Bluefin is the recognized integrated payments leader in encryption and tokenization technologies that protect payments and sensitive data.

Jera IT

Jera IT

Jera IT provide fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Aberdeen and the surrounding area.

Network Coverage

Network Coverage

Network Coverage align, maintain, and integrate technology and cloud solutions with business operations to improve productivity and security with as few issues and disruptions as possible.