A major data breach has impacted Morocco’s Caisse Nationale de Sécurité Sociale (CNSS), exposing sensitive citizen information on the dark web. The attacker claims to have bypassed weak security systems, including a flawed 2FA, risking the exposure of millions of personal records. #DarkWeb #DataBreach #MoroccoCNSS
Keypoints
- The CNSS manages social security, pensions, and health benefits for Moroccan citizens.
- A threat actor claimed to have exfiltrated a large database with PII of thousands of individuals.
- The attacker identified vulnerabilities in the organization’s security, including ineffective 2FA measures.
- Proof of the breach includes data samples of 10,000 individuals and families; full data for sale includes hundreds of thousands of records.
- This incident marks the second major breach targeting the CNSS, raising national security concerns.
While the actor presents this as a new breach, it is worth noting that the claims may be tied to a previously reported incident. At that time, researchers highlighted a major CNSS data compromise with millions of digital identities at risk (Resecurity report). This raises the possibility that the latest claims are a re-use of earlier leaked data rather than evidence of a fresh compromise.
Read More: https://dailydarkweb.net/moroccos-social-security-fund-cnss-allegedly-breached-again/