Multiple French govt institutions’ emails, passwords exposed, hackers claim

Last updated: 26 May 2025
French government email leak
Image by Cybernews.

Multiple emails and passwords attributed to numerous France-based organizations and institutions were posted on a dark web forum run by a prominent ransomware cartel.

The dataset was posted by the Stormous ransomware cartel, with attackers claiming it’s a “comprehensive leak” from “high-profile French government organizations.” The Cybernews research team investigated the claims, concluding the supposed leak did include some data, albeit of questionable quality.

For one, while the leaked data appears to come from high-profile French government institutions, the passwords are hashed using an outdated MD5 algorithm, deemed weak by numerous security researchers.

ADVERTISEMENT

“That said, this could also be an old dataset from a time when stronger security standards weren’t yet in place,” researchers said.

Post on dark web
Attackers' post on the dark web. Image by Cybernews.

If that were the case, attackers could utilize the data for convincing phishing campaigns. For example, attackers could use the email to impersonate government agencies and demand additional details or even financial information.

“And if threat actors manage to crack the hashes, it could give them access to some of these organizations’ systems — especially if credentials are reused or poorly secured,” the team said.

According to the team, some prominent organizations are listed in the dataset, including:

  • Agence Française de Développement (French Development Agency)
  • Agence Régionale de Santé Ile-de-France (Regional Health Agency of the Paris Region)
  • Allocations familiales (Family Allowance Fund or Family Benefits Office)
  • Cour des comptes (Court of Audit or Court of Accounts)
  • Caisse Régionale de Crédit Agricole Mutuel Loire Haute-Loire Société coopérative (regional bank belonging to the Credit Agricole Group)
France data leak
Sample of the supposedly leaked data. Image by Cybernews.

The volume of exposed email addresses greatly varies from organization to organization, with some having several emails exposed, while hackers claim others had hundreds of email addresses revealed.

ADVERTISEMENT

We reached out to the French Cybersecurity Agency (ANSSI) for comment and will update the article once we receive a reply.

Last year, Cybernews wrote about an exposed instance that contained 95 million records belonging to French citizens, including phone numbers, email addresses, and partial payment information.

Meanwhile, the Stormous ransomware group was first identified in 2022, making the gang one of the older players in the field. For example, last year the gang claimed an attack on the Belgian brewer Duvel Moortgat.

According to Cybernews’ dark web tracker Ransomlooker, the gang has victimized at least 34 organizations over the last 12 months.

Stefanie Ernestas Naprys Niamh Ancell BW Paulina Okunyte
Be the first to know and get our latest stories on Google News
Google News Follow us
Share
Post
Share
Share
Share
More from Cybernews
Tech companies pivot to military gear as NATO wavers and Putin’s threats grow
Windows Snipping Tool is getting a GIF creation upgrade
Iran hacks security cameras to gain intel on Israel – media
Russia-linked attackers hit target with novel social engineering attack
VR’s role in stroke rehabilitation
Scientists believe that the “heavenly sounds” of electric cars come with a safety flaw
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked