Dark Web News Analysis
A threat actor, “ByteToBreach,” is advertising the alleged sale of the entire GLPI IT system database from Eurofiber. This claim, if true, represents one of the most severe supply chain attacks imaginable, compromising the “crown jewels” of a core European critical infrastructure provider.
My analysis confirms Eurofiber is a “vital” infrastructure company (per the Dutch government) that operates over 76,000 km of fiber network and 11 data centers, serving thousands of B2B clients, including:
- Government: French Ministry of Interior, Ministry of Sustainable Development
- Defense & Aerospace: Thales Aerospace
- Critical Telecoms: Orange Telecom, SFR Telecom, Colt Technology
- Finance: Axa Insurance, BPCE Group (a major French bank)
This is not a simple PII leak. The attacker is selling the core operational data for Eurofiber and its clients, allegedly stolen from their GLPI (an open-source IT asset management system) portal. The data for sale reportedly includes:
- SSH Private Keys
- Cloud Setup Files
- VPN Configurations
- Source Codes
- SQL Backups
- Admin API & App Keys
- Client Data, Tickets, and Internal Messages
The attacker claims they used a slow, time-based SQL injection on Eurofiber’s GLPI instance, which was likely an unpatched, vulnerable version (e.g., 10.0.7-10.0.14). Public vulnerability data confirms that CVE-2024-29889 and CVE-2025-24799 are critical SQL injection flaws affecting these exact versions of GLPI.
This is a complete toolkit for an attacker to bypass all modern defenses and gain direct, administrative access to Eurofiber’s clients’ core infrastructure.
Key Cybersecurity Insights
This alleged data breach presents a critical and immediate threat:
- Catastrophic Supply Chain Compromise: The breach of a major B2B telecommunications provider’s core IT system exposes a vast network of high-profile clients, including government and critical infrastructure, highlighting significant supply chain attack risks.
- Deep Operational Data Exposure: The leaked data includes highly sensitive technical assets like SSH private keys, cloud configurations, and source codes, providing potential direct access and control over affected client infrastructures.
- Vulnerability in Core Enterprise Software: The compromise of a widely used IT management system (GLPI) via a known SQL injection vulnerability (like CVE-2024-29889) underscores the severe cascading impact that unpatched internal-facing software can have across an entire client base.
- Ineffective Ransom Negotiation: The attacker claims to have contacted Eurofiber and GLPI (Teclib) for ransom with no response, leading them to sell the data on the open market.
Mitigation Strategies
In response to this claim, all affected clients and Eurofiber must take immediate and decisive action:
- Immediate Credential Rotation and Infrastructure Audit: All affected clients and Eurofiber must immediately invalidate and rotate all credentials (including SSH keys, API keys, and database credentials) that may have been stored or transmitted via the compromised GLPI system, followed by a comprehensive audit for unauthorized access.
- Patch GLPI and All Internal-Facing Tools: This breach was allegedly caused by an unpatched vulnerability. All organizations must ensure their internal-facing IT management tools (GLPI, Jira, etc.) are up-to-date, not exposed to the internet, and secured.
- Enhanced Third-Party and Supply Chain Security Assessments: All clients of Eurofiber must trigger their third-party incident response plans. They must implement rigorous security assessments and continuous monitoring, especially for vendors managing critical IT infrastructure.
- Secure Data Handling and Communication Protocols: Educate all employees and clients on secure communication practices, prohibiting the transmission of highly sensitive operational data (e.g., private keys, configuration files) through unencrypted or general-purpose ticketing systems, and enforcing the use of secure alternatives.
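The inventory step behind the credential-rotation and ticket-hygiene items above, as an added example (not Brinztech's or GLPI's code): it scans exported ticket text for the secret types the post lists and records only a hash prefix, so the inventory does not become another copy of the secrets. The `(id, body)` export format, the pattern set, the function names and the sample tickets are assumptions constructed for illustration.

```python
import hashlib
import re

# Secret types the post lists: SSH private keys, cloud and VPN configs,
# API/app keys, database credentials. Illustrative patterns, not exhaustive.
PATTERNS = {
    # Whole PEM block; also matches a key truncated before its END line.
    "private_key": re.compile(
        r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----[\s\S]*?(?:-----END|\Z)"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "openvpn_inline_key": re.compile(r"<(?:key|tls-auth|tls-crypt)>"),
    "db_url_password": re.compile(r"\b(?:mysql|postgres(?:ql)?)://[^\s:/@]+:[^\s@]+@"),
    "key_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|app[_-]?token|secret|password)"
        r"\s*[:=]\s*['\"]?[^\s'\"]{8,}"),
}

def fingerprint(secret_text):
    """SHA-256 prefix: lets reuse be spotted without storing the secret."""
    return hashlib.sha256(secret_text.encode()).hexdigest()[:12]

def scan_tickets(tickets):
    """Return [(ticket_id, kind, fingerprint)] for each secret-like string."""
    findings = []
    for ticket_id, body in tickets:
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(body):
                findings.append((ticket_id, kind, fingerprint(match.group(0))))
    return findings

def rotation_queue(findings):
    """Group findings as {ticket_id: sorted secret kinds} for triage."""
    queue = {}
    for ticket_id, kind, _ in findings:
        queue.setdefault(ticket_id, set()).add(kind)
    return {tid: sorted(kinds) for tid, kinds in queue.items()}

# Constructed sample export; every value below is fake.
SAMPLE_TICKETS = [
    (101, "Router unreachable since 09:00, please check the uplink."),
    (102, "Deploy key:\n-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA(fake)\n"
          "-----END OPENSSH PRIVATE KEY-----"),
    (103, "Job uses mysql://backup:Examp1ePass@db.example.internal/glpi "
          "with api_key = 'abcd1234efgh5678'"),
    (104, "Same token as ticket 103: api_key = 'abcd1234efgh5678'"),
]

if __name__ == "__main__":
    print(rotation_queue(scan_tickets(SAMPLE_TICKETS)))
```

Matching fingerprints across tickets (103 and 104 in the sample) show the same secret was pasted more than once, so one rotation closes both findings.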
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com