Information is circulating that a million login credentials have been stolen by a hacker. According to our investigation, there is no evidence that this information is true. On the other hand, there is indeed a phishing campaign in progress.
You have surely seen the information that the data of a million French people were put on sale following the hacking of the Health Insurance site. Well, there is no concrete evidence of such a data leak, only the statement of a potential hacker who has since evaporated.
The Zataz site made this assumption in an article published on June 23 after spotting a message from a hacker on a Telegram channel, claiming to hold the data of one million users of the AMELI.fr site. In addition, the journalist specifies that it is probably a phishing campaign, but nothing proves so far that the hacker has put such a quantity of login credentials online.
Contacted by Numerama, the communication manager of the Health Insurance replied to us:
“ We would like to point out that no new recent attack has been observed by the monitoring tools deployed on the Health Insurance IT systems. Thus, if it is not possible to formally establish the source of this list – if it exists, it is nevertheless possible to affirm that it does not come from a new attack against the ‘Health Insurance. L’Assurance Maladie has not noticed any theft in its ameli account login data systems. »
Despite this, many media have jumped on the news, reporting such a hack in a sensationalist race. Only La Tribune questioned the data leak. The fact is that no journalist has accessed this database, and Health Insurance refuting any hacking of Ameli, so we cannot confirm with these elements that the site has been hacked.
Investigating the source of the alleged leak, our editorial staff found two Telegram channels with the hacker’s announcement. Both channels have since deleted their histories entirely, and the hacker has changed his handle — from crypto_stealer to idiot stealer with the profile description: stupid scammer who owns this account is gone.
Finally, if you receive fraudulent messages from the Health Insurance, it is possible that it is linked to a previous massive data leak dating from last March or even to a “lambda” phishing campaign.
Fishing for identifiers is still ongoing
We got an SMS, probably similar to those received by thousands of French people, inviting us to visit the site http://renouv-carte-ameli.com/. By analyzing the URL on phishing-initiative.fr as well as on isitphishing.org, we are confirmed that it is indeed a phishing link.
The fraudulent page in question has already been deleted: hackers are quickly spotted by search engines and reported. As for the phone, it can simply be created by a number generator used by scammers and replaced by another a few days later.
Nevertheless, this indicates that phishing attempts of Ameli login credentials are still taking place. Asked about this, the CNAM replied:
” It is true that phishing attempts have multiplied in recent times, with malicious people seeking to obtain their login IDs and passwords directly from policyholders. “.
The Health Insurance specifies that it has set up ” sending an automatic email each time you connect to the AMELI account. Thus the insured who suspects an unauthorized connection to his account can immediately modify his password and report a possible usurpation to the Health Insurance “.
In addition, if you receive a message beginning with “+33 7”, tell yourself that this is not the social security mobile number. You have everything now so as not to fall into the trap.