Le Figaro, a French daily newspaper, exposed roughly 7.4 billion records containing personally identifiable information (PII) of reporters and employees, as well as of at least 42,000 users. The data exposed by this misconfiguration could be used by fraudsters for identity theft, fraud, and credential phishing attacks. Because there were no passwords on the server, the data was available to anyone who wanted to access it.
Le Figaro, a French daily newspaper, has been found to have inadvertently exposed roughly 7.4 billion records containing personally identifiable information (PII) of reporters and employees.
Read more: https://t.co/1uesg6sYQ8
— Dr. Tim Sandle (@timsandle) May 2, 2020
The 7.4 billion personal records exposed by Le Figaro are certain to make it onto the dark web where they will be bought and sold for profit and combined with other available information to create a “fullz,” giving fraudsters everything they need to commit automated account takeover fraud. Cybercriminals can then use this data to access anything from bank accounts to social media apps, which are often used to unlock even more personal accounts. People frequently use the same password across accounts, making it even simpler for fraudsters to execute credential stuffing and access as many user accounts as possible with the same exposed password. And while the database was not secured with a password, organizations should not be relying on passwords to keep personal records secure. Leveraging biometric authentication (using a person’s unique human traits to confirm identity) is a more secure way to confirm that only an account owner can access their data.