
The Babuk cybercriminal group, known for its attacks on large companies, has published unverified claims of a massive data leak at Orange, a major telecom operator. Cybernews researchers who verified the data believe the claims may be credible.
"We will publish 1TB of data if they don't want to negotiate with us," Babuk threatens on its darknet leak site. "And that's not all we stole, the sample we provided is just a small part".

The cybercriminals claim to have hacked Orange on Sunday, March 16, and stolen "all information related to orange.com and orange.ro from Romania".

According to the post, Babuk has 4.5 terabytes of "highly detailed" information.

Among the stolen data, the hackers mention email addresses, customer data, source code, internal documents, invoices, contracts, projects, tickets, user data, employee data, messages, credit card numbers, call logs and other personally identifiable information (PII).
If the information is confirmed, the leak could pose serious risks to Orange customers, as their personal data and correspondence could be used for cyberattacks, phishing attacks or business email compromise schemes.
"A data leak poses serious risks to both employees and the organization, exposing sensitive personal and corporate information, which could lead to identity theft, targeted attacks and further exploitation by malicious actors", said Neringa Maciauskaite, an information security researcher.

Babuk ransomware has recently made numerous unconfirmed claims, including alleged breaches of Taobao, Pinduoduo, Jingdong, and several government agencies around the world.

It is unclear how exactly the hackers were able to access such large organizations in such a short time.

Babuk is a profitable ransomware cartel that offers its malware and support as a service and targets large enterprises. It first appeared in 2020, and SentinelOne researchers have linked Babuk to another cybercriminal group.

The criminals uploaded a 6.44 GB data sample with thousands of internal Orange documents. Some of the files contain employee data such as names, logins, email addresses, and time zones, as well as a list of various Jira projects associated with the orange.ro domain. Jira is project management software used to track tasks, bugs, and other workflows.
One of the directories, called "issues", contains 235 files describing issues related to system setup, monitoring, user management, feature development, and other topics.

A file called "pii_extracted" also contains email addresses from the domains orange.com, tremend.com/ro, and publicissapien.com, as well as some phone numbers.
Another directory, "Files", contains about 8,600 internal documents.

The file names indicate the presence of sensitive information, such as customer correspondence, financial data (balances, invoices, conversion rates), and other employee and customer data.