An expert in cyber security has found the personal data of the domestic accounting on the sites of hackers in russia.
Damien Bancal, director of cyberintelligence in 8Brains, has laid hands on a list of tens of thousands of email addresses from the site of the chartered professional Accountants of Canada (CPA Canada).
The organization announced yesterday that hackers gained access to personal information of 329 000 people contained in its database, of which 47 000 in Quebec.
Damien Bancal has found a part of the information on a site that’s written in Russian as he infiltrates for years, and then on a second site, also in cyrillic.
On sites, a pirate offers in Russian to the list of 134 079 e-mail addresses from the website of the chartered professional Accountants of Canada.
Cobblers poorly shod
Our Bureau of investigation has itself been able to download the database, and then destroy after the writing of this story. It contained 134 079 e-mail addresses.
We were able to contact some of the individuals concerned.
“It does not surprise me, but it disappoints me,” says Frederic Vachon, an accountant at the ministry of Affairs of the world, including the e-mail appears in the database. The CPA, one is supposed to be the leaders of information security. It’s been a little cobbler’s poorly shod. “
Even resignation in Véronique Mining, accounting for regional Funds de solidarité FTQ.
“It seems that there is nothing to surprise us in the security on the internet, she said. Hackers are increasingly capable. “
“With this information, the attacker can write to thousands of accountants to trap them,” said Damien Bancal.
The victims therefore become more likely to receive messages from the crooks who have bought the hacked information to campaigns of phishing.
The database found on the sites Russian also contains suites of characters without significance, from the encryption of some data.
It is a password to access the site of CPA Canada, which are protected by encryption. Five pirates were discussing somewhere else to try to decipher these characters yesterday, but they were still not reached, stresses Damien Bancal.
“CPA Canada is aware that this list is circulating,” wrote the spokesperson of the organization, Perry Jensen, in an e-mail to our Bureau of investigation. The information it contains is included in the leak reported yesterday.
The research of Damien Bancal demonstrate that dozens of other hackers were able to download the information. “On a publication, 60 people had responded to say that they loved him,” he said. As many individuals who have probably downloaded. “
The scammers were able to access the systems over five months, from November 30, 2019 may 1, 2020, according to CPA Canada.
If you have information on cybersecurity, please contact Hugo Joncas at 438 396-5546 (cell, Signal) or to email@example.com.