Hackers are selling what appears to be ENI France customer data

An alleged customer database linked to the French branch of ENI, an Italian multinational energy company, has surfaced on a cybercrime forum. Hackers claim that the breach exposes business account information of government agencies, universities, hotels, and private companies across France.
- A threat actor claiming ties to the cybercrime group Lapsus$ is allegedly selling an ENI France customer database containing roughly 89,000 records, though researchers believe the actual number may be lower due to duplicate entries.
- The leaked data reportedly consists of B2B account information, including names, email addresses, company names, customer reference numbers, account statuses, and login activity timestamps linked to organizations across France.
- The affected entities appear to include government agencies, universities, hotels, and private businesses, rather than individual consumer energy customers.
- Although no payment information or highly sensitive personal data was observed in the sample, attackers could use the exposed business account details to conduct targeted phishing and social engineering campaigns against organizations and users.

A threat actor claiming ties to the Lapsus$ cybercrime ecosystem is advertising an alleged ENI France customer database on an infamous underground forum. Italian energy giant ENI S.p.A operates globally in 62 countries, employing around 32,000 employees. The company boasts $94.6 billion in revenue.
According to the listing, the dataset contains approximately 89,463 records associated with ENI France, the French subsidiary. The seller claims the dataset contains customer account and profile management data.
While the dataset appears legitimate at first glance, Cybernews researchers who reviewed the leaked sample say the claimed figure may be exaggerated, as there are duplicate records.
What data was stolen?
The alleged database contains business account information rather than consumer energy customer records.
The data sample that Cybernews researchers examined includes:
- First and last names
- Email addresses
- Client type classifications
- Account status information
- Customer reference numbers
- Company names
- Account creation dates
- Last login timestamps
"The affected accounts appear to be B2B accounts," our researchers noted.
"The dataset includes entities such as government organizations, universities, hotels, and small businesses."
Although the leaked information does not appear to contain payment details or highly sensitive personal records, business account databases can still provide valuable intelligence for attackers.
Stolen information can be weaponized in highly targeted phishing campaigns. Account creation dates and last login timestamps may help cybercriminals identify active accounts. Active accounts are more likely to respond to fraudulent communications.
Cybernews has reached out to ENI France for comment and will update this story if we receive a response.
What is Lapsus$?
While believed to consist mainly of teenage hackers, the Lapsus$ cybergang has recently targeted many major companies, including Vodafone, Ingka Group (the largest franchisee of the IKEA brand), Adidas, and AstraZeneca.
Among the gang's other high-profile victims are Rockstar Games, Microsoft, Nvidia, Samsung, Uber, and Okta.