With millions of Freebox subscriptions and Free Mobile plans, the Iliad group is obviously a prime target for hackers who move heaven and earth to steal personal data. According to a cybersecurity specialist who carefully observes what is happening on the darkweb, Free has been affected by a major data leak, the largest since its creation! For the moment, Xavier Niel’s operator has not yet confirmed the information.
Updated 10/28 : Free officially confirmed the data leak by sending an email to all its subscribers, specifying that all personal data is affected except passwords. The company says it “sincerely regrets this breach of confidentiality of (our) information”. The hacker, on the other hand, seems to be very unhappy and published thousands of bank details in retaliation.
Personal data, IBAN… a lot of information would have leaked
After SFR, which was hit by a major data leak a little over a month ago, it is now Free’s turn to potentially be the victim of a similar attack. According to information circulating on the social network X, a gigantic data leak has affected Freebox and Free Mobile subscribers. The Iliad group, Free’s parent company, has not yet confirmed these allegations, but the details that are emerging are worrying.
A cybercriminal has claimed on a darkweb forum that he has two databases that he claims are linked to Free. These databases would include nearly 19.2 million customer accounts and around 5.11 million IBAN details, thus impacting more than 90% of Free Mobile and Freebox subscribers. Among the stolen information would be names, first names, landline and mobile telephone numbers, postal addresses, dates of birth, email addresses and other sensitive data. This type of data is a gold mine for scammers.
The hacker would have put these bases up for sale, without specifying a price, preferring to leave negotiations open to interested parties. Malicious companies could be willing to spend hundreds of thousands of euros to obtain this information, in order to carry out phone scams, email phishing, or even identity theft.
A massive leak has just been discovered
According to _Saxx, a hacking expert, the leak took place on October 17, 2024 but remained unknown until this morning. The scale of the stolen data and its potential impact on the security of Free subscribers are unprecedented in the history of the operator.
While awaiting official confirmation from Free, subscribers are strongly recommended to take precautionary measures. It is advisable to:
- Change the password for your Freebox subscriber area
- Change your password for any associated Free email address
- Be extra vigilant against suspicious emails and unwanted phone calls, as massive scam attempts could occur in the days to come
In accordance with the legislation, Free must inform its subscribers by post or email if their personal data has been compromised. This notification obligation aims to allow users to react quickly and to limit the consequences of potential identity theft or other fraud.