Orange: What the telecom giant learned about credentials, Jira, and detection

Blog  — Wed 26 Feb 2025

February 2025 brought one of the most notable data breaches in recent memory: a large-scale intrusion at Orange, in which more than 600,000 customer and business records were stolen. The attack primarily affected Orange Romania, but other international divisions of the telecom company were also impacted. The attacker, operating under the name "Rey", claimed to have had undetected access to internal systems for over a month, exploiting stolen login credentials and vulnerabilities in Jira software.

In just three hours, Rey reportedly exfiltrated 6.5 GB of data. The stolen content included email addresses, internal documents, contracts, source code, personnel information, and project details. After an extortion attempt failed, the attacker chose to release the data publicly. Orange confirmed the incident but stated that only a non-critical back-office application was affected and that customer-facing services were not impacted. Nevertheless, the breach raises questions about the effectiveness of the company's detection and response mechanisms.

This attack highlights the importance of securing non-human identities, such as API keys and service accounts, which are often less protected than human accounts. It also demonstrates how vulnerabilities in widely used tools like Jira can be exploited if not patched in time. The incident underscores the need for organizations to expand their security measures to cover all parts of their infrastructure, including internal tools and systems.

For information security professionals—especially those focused on web applications and corporate networks—this is a clear warning. It is essential not only to secure the external perimeter of infrastructure but also to pay close attention to internal systems and processes. Regular audits, keeping software up to date, and implementing advanced detection mechanisms are crucial to prevent such breaches.
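One way to turn the volume figure above into a detection, shown here as an added example that is not from Orange or from the original post: a per-identity sliding-window check on bytes served by an internal application. The log format, the account names and the 2 GiB threshold are assumptions constructed for illustration; only the three-hour window comes from the reported timeline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=3)        # window length taken from the reported exfiltration time
THRESHOLD_BYTES = 2 * 1024**3      # assumed alert threshold (2 GiB); tune to your own baseline

# Constructed sample log, sorted by time: timestamp, identity, identity type, response bytes
SAMPLE_LOG = """\
2025-02-03T08:00:00 alice human 1073741824
2025-02-03T09:30:00 svc-jira-sync service 10485760
2025-02-03T12:30:00 alice human 1073741824
2025-02-04T01:00:00 svc-jira-sync service 805306368
2025-02-04T02:00:00 svc-jira-sync service 805306368
2025-02-04T03:30:00 svc-jira-sync service 805306368
"""

def detect_bulk_egress(lines, window=WINDOW, threshold=THRESHOLD_BYTES):
    """Return one alert each time an identity's egress inside `window` crosses `threshold`."""
    events = defaultdict(deque)    # identity -> (timestamp, bytes) still inside the window
    totals = defaultdict(int)      # identity -> bytes currently inside the window
    alerting = set()               # identities already above threshold (suppress repeats)
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts_raw, identity, kind, size = line.split()
        ts, size = datetime.fromisoformat(ts_raw), int(size)
        queue = events[identity]
        queue.append((ts, size))
        totals[identity] += size
        # Drop events that have aged out of the window before comparing.
        while ts - queue[0][0] > window:
            totals[identity] -= queue.popleft()[1]
        if totals[identity] >= threshold:
            if identity not in alerting:
                alerting.add(identity)
                alerts.append({"identity": identity, "kind": kind,
                               "at": ts_raw, "bytes": totals[identity]})
        else:
            alerting.discard(identity)   # re-arm once volume falls back under the threshold
    return alerts

if __name__ == "__main__":
    for alert in detect_bulk_egress(SAMPLE_LOG.splitlines()):
        print(alert)
```

In the sample, the human account moves 2 GiB in total but never inside a single three-hour window, while the service account crosses the threshold on its third large response.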

The Orange incident serves as a reminder that even large, established companies are vulnerable to cyberattacks if they fail to continuously evaluate and adapt their security measures to the rapidly evolving threat landscape. It is a call to all organizations to take a proactive approach to information security. Stay agile.