Saturday, June 14, 2025
HomeCyber Security NewsOrange Communication Breached - Hackers Allegedly Claim 380,000 Email Records Exposed

Orange Communication Breached – Hackers Allegedly Claim 380,000 Email Records Exposed

Published on

SIEM as a Service

Follow Us on Google News

Telecommunications provider Orange Communication faces a potential data breach after a threat actor using the pseudonym “Rey” claimed responsibility for leaking 380,000 email records and sensitive corporate data on a dark web forum.

The alleged breach, disclosed earlier this week, includes source code, internal invoices, client contracts, project blueprints, and user data, raising concerns about operational security and customer privacy.

Scope of the Breach

According to forum posts reviewed by cybersecurity researchers, the leaked data spans multiple categories critical to Orange’s operations.

- Advertisement - Google News

Forum posts reviewed by cybersecurity researchers

Source code repositories for customer management systems and network infrastructure tools were reportedly exposed, potentially compromising proprietary technology.

Financial documents, such as invoices and service agreements with enterprise clients, were also included in the dump, which could reveal contractual terms and pricing structures.

Most notably, the threat actor asserted that 380,000 email addresses linked to Orange’s consumer and business accounts were extracted, though password hashes or payment details were not explicitly mentioned.

Rey, the alleged hacker, did not specify motives but hinted at “leveling the playing field” in a forum statement, suggesting ideological or retaliatory intentions.

Cybersecurity analysts hypothesize the breach resulted from a combination of phishing attacks and exploitation of unpatched vulnerabilities in Orange’s cloud storage systems.

The leak followed a months-long absence of major security updates to the company’s employee authentication portals, according to independent audits.

Orange’s Response and Investigation

Orange Communication issued a brief statement acknowledging “irregularities in its data logs” but stopped short of confirming the breach.

The company emphasized that its core networks remain secure and urged customers to enable two-factor authentication as a precaution.

A spokesperson confirmed collaboration with INTERPOL’s Cybercrime Directorate and third-party forensic experts to assess the claims.

Cybersecurity experts warn that exposed email addresses could fuel targeted phishing campaigns or credential-stuffing attacks across other platforms.

Individuals and businesses tied to the leaked contracts may also face reputational harm or competitive disadvantages if sensitive terms were disclosed.

Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...