[RISK] The French government's public service website is at risk of account takeover (ATO).
Summary:The French government's public service website, https://www.service-public.fr, is facing the risk of account takeover (ATO), affecting at least over 50,000 French citizens.
Pavel Durov, the founder and CEO of Telegram, was arrested in France today and may face charges of terrorism, money laundering, and drug trafficking. As one of the world's greatest instant messaging software, Telegram serves over 1 billion users, yet its CEO has been arrested by the French government, which is an unacceptable incident. France, which advocates freedom of speech, is actually slapping itself in the face with such an action.
In order to serve its customers well, Telegram has kept the risk of account takeover (ATO) extremely low. However, the French government's public service website, which is intended to serve its citizens, has extremely poor security and is facing a very serious risk of ATO. The French government should first fulfill its obligation to serve its citizens before judging others.
We recommend notifying the website's members of the leaked login credentials through 'Dark Web Reports', urging them to promptly update their credentials. Regardless of whether 2FA is implemented, securing leaked accounts by locking them and resetting login credentials is a robust security measure. Additionally, it’s advisable to alert affected users to change their passwords immediately. DarkWeb.vc offers highly cost-effective intelligence on login credential leaks to enterprises.