Attackers claim they managed to penetrate parent accounts of OVHcloud, a major French cloud computing company. However, the company’s founder denies data belongs to the company, while our researchers also remain skeptical of a data breach.
-
Cybercriminals claim to have stolen details on 1.6 million customers and 6 million websites.
-
OVHcloud founder Octave Klaba confirmed the specific data sample was not found on company servers.
-
Cybernews researchers found the sample data lacked context and details.
-
The hackers provided only one line of data, suggesting a financial scam involving fake leaks.
Claims of a data breach at OVHcloud appeared on a popular data leak forum used to trade in stolen details. According to the attackers, they have access to “OVH’s parent account and their servers.”
The access, the cybercriminals want us to believe, allowed them to extract 590TB of data, including details on 1.6 million OVH customers and nearly 6 million active websites hosted by the cloud company. The website data allegedly includes:
- Website code
- Website database
- Server configuration
However, the post’s author was scant with details, only providing one line of sample data. Typically, attackers include thousands of lines to convince data leak forum users that the theft is legitimate.
Meanwhile, Octave Klaba, founder and chairman of OVHcloud, explained the company investigated the data sample and could not find it hosted on the company’s servers, implying that the attackers’ claims are void.
We have reached out to the company for comment and will update the article once we receive a reply.
Cybernews researchers also investigated the attacker’s post and reached a similar conclusion to the OVH founder. According to the team, the limited sample included personally identifiable information (PII), such as email addresses, names, and phone numbers.
“This type of information doesn’t mean much without context or additional data. We don’t see any indications that this data belongs to OVH, and it could have come from anywhere,” our researchers explained.
The attackers themselves don’t inspire much trust either. While the post’s author is marked as an administrator, the OVH data breach is the only one associated with the user’s name. There’s no indication that the forum community knows anything more, as the only comments ask the attacker for more samples.
There are numerous reasons why attackers would post fake data. The simplest motivation could be financial. Scammers prowl data leak forums for users who would pay for fake data and then disappear with the funds, knowing perfectly well the “victims” could complain to absolutely no one.
Recently, we have noticed similar behavior on data leak forums, including attackers falsely boasting about breaching American tech giant Dell, analytics software maker SAS Institute, and French insurance behemoth AXA.
Was OVHcloud really hacked?
Currently, the alleged data breach is unconfirmed and highly skeptical. OVHcloud founder Octave Klaba stated that the company investigated the sample data provided by the attackers and found no evidence that it originated from their servers. Security researchers note that the sample provided (a single line of data) is insufficient to prove a breach.
What data did the hackers claim to steal from OVH?
The attackers claimed to have accessed 590TB of data, including the source code, databases, and server configurations for 5.9 million websites. They also alleged to have personal details on 1.6 million OVH customers. However, these claims appear to be exaggerated or entirely fabricated.
Is my website hosted on OVH at risk?
Based on current evidence, your website is likely safe. The “sample” data provided by the attackers contained generic information that could have come from anywhere, not necessarily OVHcloud.
Unlock more exclusive Cybernews content on YouTube.
