More than 1 million hacked accounts: how do you know if you are affected?

It was the ZATAZ monitoring service that sounded the alarm. According to it, more than a million French women and men have seen their personal health data leaked on the web this week. The cause: a hacking operation targeting the Health Insurance site, Ameli.fr. At the time of writing, this data is for sale on the web.

What happened?

Despite the importance of the data passing through the Health Insurance site, flaws on the platform have been multiplying lately. After private messages and letters, it is now the turn of personal health information to circulate on the web.

An ill-intentioned individual has put up for sale a million usernames and passwords allowing access to the accounts of the insured. Although the seller has not revealed the method used to obtain this information, two hypotheses are being considered: a 0-day vulnerability or (more probably) a massive phishing campaign.

In the latter case, the victims would have fallen into a trap that has become classic: a fake e-mail asking them to provide their information again, a fake SMS, etc.

Why shouldn’t this hack be taken lightly?

This leak is worrying because it gives access, for the first time, to extremely sensitive data. The information stored on the Health Insurance website ranges from the social security number to the postal address, including, on the practitioner’s side, the bank details required for reimbursements.

Putting this data on sale therefore gives other ill-intentioned people a chance to exploit it for personal ends or for fraud: identity theft, embezzlement, theft of personal data.

This is all the more worrying as the hacker behind this leak is asking only $6,000, or about 5,700 euros, for this list of one million accounts.

How do you know if you are affected, and how should you react?

Since the most probable explanation for the hack is a phishing campaign, first check that you have not replied to a suspicious e-mail or text message purporting to come from the Health Insurance.

Whether or not you made that mistake, change all the passwords that give access to your AMELI account. Finally, carefully monitor the activity of your AMELI account in the weeks and months to come while waiting for the Health Insurance to strengthen its security.

In the meantime, the home page of the Ameli.fr site displays a red banner inviting you to be vigilant against phishing attempts. It includes a series of tips to avoid being trapped. A reassuring first step while waiting for better.
