Algérie Poste has once again come under scrutiny, following reports of a new alleged breach on its ECCP system in August 2025. A threat actor operating under the alias, Silenth3xDz, claimed responsibility, citing “insufficient server monitoring” as the primary cause of the compromise. According to the threat actor, access was gained to certain user accounts within ECCP, and samples of compromised data were disclosed on underground forums.
This incident follows closely on the heels of the July 2025 ECCP breach, where hackers leaked sensitive Algerian ID cards and passport details allegedly stolen through vulnerabilities in the same platform. At the time, CyHawk Africa reported how attackers exploited the ECCP system to exfiltrate identity documents belonging to Algerian citizens, raising concerns about systemic flaws in the platform’s security. Read July’s coverage here
The repeated targeting of Algérie Poste’s ECCP platform underscores growing concerns about Algeria’s digital infrastructure. With two alleged breaches surfacing within the span of a month, questions are being raised about the platform’s resilience against persistent threat actors and whether existing monitoring and protection measures are sufficient.
The August breach allegedly exposed access to ECCP-linked accounts, which could pave the way for further exploitation, including identity theft, financial fraud, and additional government system compromises.
Algeria has become a recurring target of cybercriminal activity across North Africa, with its government institutions frequently appearing in darkweb markets. The alleged repeated compromise of ECCP, a critical system that manages citizen-facing services, demonstrates how attackers are zeroing in on weak points in national infrastructure.
With July’s ECCP breach still fresh, this alleged August compromise represents not just another attack, but a continuation of a wider security challenge facing Algeria’s digital landscape. Unless robust measures are taken, repeated breaches may erode public trust in national services and embolden cybercriminal groups seeking to exploit critical state platforms.