Health Insurance site hacked and the data of a million French people for sale on the Internet? It’s unlikely

“About a million Ameli IDs hacked and put up for sale!” “Ameli, of course they were saying…” For several days, alarmist messages have multiplied about a hacking of Ameli, the official platform of Health Insurance.

In total, the identifiers and personal data of nearly a million French people have been stolen and put up for sale on the Internet. The information was also picked up by several general or specialized media outlets. A new hiccup after the one revealed last March?


This latest “revelation” originated on ZATAZ, a website specializing in cybersecurity and computer crime, which published an article on June 23. According to Damien Bancal, founder of the site and author of the article, the ZATAZ Monitoring Service, whose purpose is “to monitor pirate spaces and alert its members to any direct and indirect data leaks”, has spotted the sale of a file containing 1 million login credentials belonging to users of the Ameli website.

The seller, a hacker known to the community, is said to be offering this file at a price of 6,000 dollars (about 7,500 euros). Although he does not explain how he was able to collect such a mass of data, the file is said to contain all the login credentials, including the password, of these million users. Cause for alarm. Yet there is no evidence that the file actually contains this information. Since the file has not leaked so far, it is impossible to be sure.

No attack noted by the Cnam

Contacted by 20 Minutes, the National Health Insurance Fund (Cnam) states that no recent attack has been observed by the monitoring tools deployed on Health Insurance's computer systems. Nor has any theft been detected in the systems holding Ameli account login data.

If the list offered by the hacker exists, it could have been obtained another way: “It is true that phishing attempts have multiplied in recent times, malicious people seeking to obtain their identifiers and login passwords.”

Phishing considered as a lead

Corinne Hénin, cybersecurity expert, explains this practice to us: “It consists of attacking the human rather than the website. A hacker, using infected software, sends you an SMS or an email, pretending to be your bank, the Cnam or any company to ask you to validate or verify your password. You must then click on a link or respond by giving your identifiers or bank details.”

The hacker thus recovers your data and can resell it on the “Dark Web”. This data is then used for scams, identity theft “or by unscrupulous advertisers who can then target you in their campaigns”.

This is also the explanation favored by Damien Bancal, who leans towards an orchestrated collection campaign impersonating French Health Insurance. But even the author of the article expresses surprise and skepticism at such a quantity of data: “1 out of 60 French people would have been tricked by a fake Ameli email?”

“Less than 20% of Internet users click on these links. And among them, only 1 out of 8 enters personal information”, agrees Corinne Hénin, for whom the price also seems very low given the volume offered. If this file exists, it could be nothing more than an aggregation of other data, older and “not necessarily very reliable”.

Cnam points out that connections to Ameli are only possible from the web interface or its application, and that it has stepped up its awareness-raising actions for policyholders with reinforced campaigns. It has also introduced a new security measure: an automatic e-mail sent each time someone logs in to an Ameli account. “Insured persons who suspect an unauthorized connection to their account can immediately change their password and report possible usurpation to Health Insurance.”

The Cnil, France's Internet watchdog, also lists on its site the 6 good habits to adopt to protect one's data online, and the site offers a service for reporting phishing attempts.
