The affair was revealed on the social network X (formerly Twitter) by ethical hacker SaxX, who spotted a suspicious sale on what he describes as “the Amazon of the dark web”. The file in question, weighing 43.6 gigabytes, is said to contain a gold mine of sensitive information: surnames, first names, postal addresses, telephone numbers, email addresses, and even customers’ Freebox identifiers. Even more worrying, a second file is said to contain the bank details (IBAN) of more than 5.11 million subscribers.
This possible data breach comes at a particularly delicate time for French telecom operators. SFR and French public services (Pôle Emploi, CAF and France Connect) have recently suffered a series of hacks.
For Free, the situation is all the more embarrassing because the operator already has a history of cybersecurity problems. At the end of 2022, the company was singled out by the CNIL for failings in the protection of its customers’ personal data.
Caution remains in order. Last year, a similar alert concerning 14 million customers turned out to be a false alarm, strongly denied by Free. This new threat could therefore be either a ransom attempt targeting the operator, or a scam intended to trap potential buyers on the dark web.
In the meantime, the alleged seller’s modus operandi deserves attention. The seller promises to transfer all of the files in a single transaction via an escrow system, a sort of trusted third party on the dark web that guarantees the proper execution of the transaction. This professional approach raises fears that the threat is credible.
🚨🔴CYBERALERT, 🇫🇷FRANCE 🔴 | 19M accounts and 5M IBANs from the telephone operator Free put up for sale on the “Amazon of cybercrime”
Yesterday night, a cybercriminal put two databases supposedly belonging to Free up for sale:
👉 one with 19,192,948 accounts… pic.twitter.com/24lgxXsoWv
— SaxX ¯_(ツ)_/¯ (@_SaxX_) October 22, 2024
How to protect yourself against threats?
Faced with this situation, cybersecurity experts recommend that Free customers be extra vigilant. Recommended preventative measures include systematically updating operating systems, using a strong password manager, and enabling two-factor authentication on all sensitive accounts. Regular monitoring of bank statements is also recommended to detect any suspicious activity.
Free has not yet officially confirmed the veracity of this leak. Contacted by the editorial staff, the company currently has no comment to make on this potential threat. We will be sure to update this article as soon as Free sends us its official communication.
- A possible massive data leak at Free would affect 19 million customers.
- Sensitive data includes personal and banking details of 5 million subscribers.
- The authenticity of the leak is not yet confirmed, but vigilance is recommended for all Free customers.