Hackers claim to have compromised 600,000 CAF accounts in France

Threat actors claim to have compromised 600,000 accounts of social security beneficiaries in France with La Caisse des Allocations Familiales (CAF).

The hack was disclosed earlier this week (Feb. 12) on the social media platform X (formerly Twitter) by a group of hackers called LulzSec, who claimed to have compromised the CAF accounts.

The hacking group shared screenshots of four compromised accounts containing contact information such as phone number and postal code, professional and marital status, and a history of the latest amounts paid.

CAF says that caf.fr was not breached

CAF issued a statement denying any security breach on the caf.fr platform. The social security agency did, however, confirm that the accounts of four beneficiaries were compromised through “password hacking.”

“Monday, February 12, a group of ‘hackers’ published a tweet claiming to have hacked the caf.fr accounts of hundreds of thousands of beneficiaries

of CAF,” a machine-translated security notice published on CAF’s website reads. “Screenshots of 4 beneficiary accounts were published, followed by a blurred list of supposedly thousands more. After verifications, no security breach was detected on the caf.fr site.”

While the investigation is still underway, CAF says the hacking attempt on user accounts will not impact payments and that threat actors did not steal any benefits from the compromised accounts.

Whether or not the four accounts were compromised due to poor password hygiene, all CAF users are advised to change passwords to avoid credential-stuffing attacks.

Compromised credentials from unrelated breaches could have fueled this attack, and all CAF users are advised to conduct a rigorous review of account passwords to prevent the compromise of other sensitive data and accounts.

If you have re-used the CAF password across other online platforms, immediately reset it to safeguard your digital assets.

With Bitdefender’s Digital Identity Protection (DIP) service, you can discover and curate the extent of your digital identity to make more privacy-focused decisions to keep your identity and finances safe.

Our dedicated digital identity protection service helps you immediately respond to data breaches and leaks of personally identifiable information with 24/7 monitoring and provides easy 1-click action items that enable you to secure your accounts and data.

Put a stop to password recycling with our feature-rich password manager that helps you generate and manage secure, complex, and unique passwords for every online account.