He has Free, he doesn’t understand everything. This week, the company was the subject of a cyberattack on an unprecedented scale. 19 million customer data were for sale on the dark web. Among them, 5 million IBANs were available. In any case, this is what the X account called SaxX indicated. An account to be taken seriously since it is the source of information for the numerous leaks that have taken place in recent months at Free or SFR but also at various institutional sites.
Today, this same account indicates that 100,000 IBANs out of the 5.11 million held by the hacker were distributed free of charge on the “Amazon of cybercrime”. Why would the hacker behind this leak have revealed data that he had put on sale for 10,000 euros (and now valued at $70,000)? According to SaxX, this would be a retaliation following Free’s reaction published yesterday.
🚨🔴CYBERALERT, 🇫🇷FRANCE 🔴 | Cyberattack Free, 100,000 IBANs distributed for free on the “Amazon of cybercrime” by the same French cybercriminal
Last night at 4:30 a.m., the cybercriminal behind the Free cyberattack released a sample of 100… pic.twitter.com/qPzE0Yq5bn
— SaxX ¯_(ツ)_/¯ (@_SaxX_) October 27, 2024
Free didn’t understand everything
“This new publication is certainly in reaction to the email from Free, which he probably found lax… and which barely mentioned the compromise of IBANs…” indicates SaxX on his X account. And adds:
His message is also unequivocal with a photo taking up the title of Xavier Niel’s latest book, “A hell of a desire to make a mess!” (…) We are facing the biggest hack of a telephone operator in France!
Free actually took a long time to react to the initial threat. The editorial staff of Presse-citron, who contacted Free the same day to confirm the attack, never received a response from the company. Yesterday, during the day, we received an email from the operator intended for its subscribers. Free confirms that millions of personal data have been stolen by a hacker, confirming the attack at the beginning of the week. On the other hand, Free never mentions the 5.11 million IBANs put up for sale. Here is an excerpt from the email sent by Free:
We are writing to inform you that Free has been the victim of a cyberattack targeting a management tool. This attack led to unauthorized access to part of the personal data associated with your subscriber account: first name, last name, email and postal addresses, date and place of birth, telephone number, subscriber identifier and contractual data (type of offer subscribed , subscription date, active subscription or not).
According to subscribers, Free indicates whether your account is one of those affected by the attack (we are spared). But at no time does the operator indicate that banking data has been stolen. SaxX’s hypothesis seems to be confirmed: the hacker leaked 100,000 IBANs in order to prove that the data sold actually contains this information.
For the moment, Free has not reacted to this new data leak. Our various requests to the press service have so far proved unsuccessful. We will be sure to update this article as soon as we know more.
- 100,000 Free subscriber IBANs were put online for free on the “Amazon of cybercrime”
- The hacker behind this leak is the same one who leaked the personal data of 19 million customers earlier this week
- This leak appears to be a retaliation following Free’s reaction after the first attack
