Leak at Le Point
On 18 November 2024, French news magazine Le Point disclosed a breach traced to a compromised subscriber-management subcontractor, exposing the names, postal/email addresses and phone numbers of an estimated 900,000 current and former readers.
- Victim
- Le Point
On 18 November 2024, Le Point — a major French weekly news magazine — confirmed it had been the victim of a personal-data theft affecting its readers, the latest in a string of attacks on French media outlets including La Croix and Libération.
The breach did not originate in Le Point's own systems but in a subcontractor that operated its subscriber-relationship management (CRM) tool. Security analysts assessed that the provider was most likely compromised through a software vulnerability or via social engineering against an employee account, allowing the attacker to extract the customer database. A seller had advertised the data on a criminal forum on 13 November, posting a sample as proof and offering the full set for roughly €350.
Exposed data categories included:
- Full names
- Email addresses
- Phone numbers
- Postal addresses
- Dates of birth
The attacker claimed roughly 900,000 current and former subscribers were affected, a figure Le Point did not formally confirm. Banking details and account passwords were reportedly not part of the leak. Le Point notified France's data-protection regulator (CNIL), filed a complaint with the Paris prosecutor's office, and set up a dedicated hotline, while urging readers to stay alert to phishing and to consult cybermalveillance.gouv.fr.
Sources
- lepoint.frhttps://www.lepoint.fr/high-tech-internet/apres-la-croix-et-liberation-le-point-victime-d-un-vol-de-donnees-personnelles-18-11-2024-2575566_47.php
- clubic.comhttps://www.clubic.com/actualite-544085-cyberattaque-le-point-comment-le-media-a-pu-etre-frappe-par-les-hackers-avec-de-nombreuses-donnees-derobees.html
- mac4ever.comhttps://www.mac4ever.com/divers/185395-l-hebdomadaire-le-point-victime-a-son-tour-d-un-important-vol-de-donnees