© Shutterstock/Free/Presse-citron
The case was revealed by ethical hacker SaxX on the social network X (formerly Twitter), who spotted a suspicious sale on what he calls the “Amazon of the dark web”. The file in question, weighing 43.6 gigabytes, is said to contain a goldmine of sensitive information: names, first names, postal addresses, telephone numbers, emails, and even customers' Freebox identifiers. Even more worrying, a second file is said to contain the bank details (IBAN) of more than 5.11 million subscribers.
This possible data breach comes at a particularly delicate time for French telecom operators. SFR, French public services (Pôle Emploi, CAF and France Connect) have recently suffered a series of hacks.
For Free, this situation is all the more embarrassing given that the operator already has a cybersecurity liability. At the end of 2022, the company was singled out by the CNIL for failings in the protection of its customers' personal data.
Caution is still required. Last year, a similar alert concerning 14 million customers turned out to be a false alarm, firmly denied by Free. This new threat could therefore be either an attempted ransom targeting the operator, or a scam intended to trap potential buyers on the dark web.
In the meantime, the modus operandi of the alleged seller deserves our attention. Indeed, he promises to transfer all the files in a single transaction, via an escrow system, a sort of trusted third party on the dark web guaranteeing the proper execution of the transaction. This professional approach raises concerns about the credibility of the threat.
🚨🔴CYBERALERT, 🇫🇷FRANCE 🔴 | 19M de comptes et 5M d'IBAN de l'opérateur téléphonique Free mis en vente sur le "Amazon de la cybercriminalité"
Hier nuit, un cybercriminel a mis en vente deux bases de données supposées appartenir à Free :
👉 l'une comportant 19 192 948 de comptes… pic.twitter.com/24lgxXsoWv— SaxX ¯_(ツ)_/¯ (@_SaxX_) October 22, 2024
How to protect yourself against the threat ?
Faced with this situation, cybersecurity experts recommend that Free customers be extra vigilant. Recommended preventive measures include systematically updating operating systems, using a robust password manager, and activating two-factor authentication on all sensitive accounts. Regular monitoring of bank statements is also recommended to detect any suspicious activity.
For now, Free has not yet officially confirmed the veracity of this leak. Contacted by the editorial staff, the company has no comment to make on this potential threat at this time. We will be sure to update this article as soon as Free has sent us its official communication.
- A possible massive data leak at Free would affect 19 million customers.
- The sensitive data includes the personal and banking details of 5 million subscribers
- The authenticity of the leak has not yet been confirmed, but vigilance is recommended for all Free customers
📍 To not miss any Presse-citron news, follow us on Google News and WhatsApp.