Cyberattacks and phishing break the connection between Health Insurance and FranceConnect
[EN VIDÉO] Kézako: how is data encrypted on the Internet? Cryptography is the oldest form of encryption. There are traces of its use until 2,000 BC. This technique still used today, especially on the Web, reveals its mysteries on video thanks to the Kézako program from Unisciel and the University of Lille 1.
It has been several weeks since the taxpayers can no longer connect to the Impôts.gouv site via their digital sesame from FranceConnect. The service that facilitates connection to online public services has simply been deactivated.
Normally, it is, among other things, through Ameli, that is to say from the personal account to the health insurance, that the connection to the tax service is carried out, rather than having to enter the identifiers provided by the taxman. So why this deletion of the button FranceConnect ? Because, according to newspaper information The chained Duck, it was because of huge FranceConnect security breaches that this decision was made. For its part, the National Health Insurance Fund has also withdrawn this option since August 12, explaining that access to the Ameli portal via FranceConnect will be deactivated until these flaws are corrected.
Two-factor authentication in the works
Originally, many cases of hacking of this unique sesame took place this summer. The methods of the hackers consisted of operations of phishing by email to recover identifiers or by phone calls. With this process, the pirates then had access to all the accounts of the public services of a user and could then be reimbursed for drugs, or obtain a transfer from the tax authorities by modifying the online statements.
In addition to FranceConnect’s flaws, the Ameli portal site has experienced a lot of fraud attempts, linked to phishing. While waiting for the loopholes of some to be filled and for the phishing campaigns to dry up for others, the Department of State Information Systems is relying on raising awareness among the general public to limit the damage. From the moment a public service manages flows ofsilver towards the user, a system ofauthentication double factor may well be introduced in the future.
Subscribe to the newsletter the daily : our latest news of the day. All our newsletters