the situation gets worse with 100,000 compromised IBANs

Free was the victim of a data leak. As confirmed by the operator, a hacker managed to penetrate one of its management tools and exfiltrate a mountain of personal data about its subscribers.

A few days after the leak, a cybercriminal put the database, which includes 19,192,948 customer accounts, up for sale on a black market. Most recently, the hacker published for free a sample of 100,000 IBANs belonging to Free's customer base on BreachForums, a hub for compromised data.

More than 5 million IBANs hacked

In the publication, which 01Net was able to consult, the hacker claims to have “a hell of a desire to make a mess”, in reference to the latest book by Xavier Niel, founder of Free. The cybercriminal, who calls himself drussellx, claims to have more than five million IBANs belonging to Free subscribers.

With this sample, the hacker seeks to advertise the database put up for sale last week. He also adds that a “copy of data is about to be sold for more than $70,000” and invites Free to negotiate:

“If the company does not participate in this unique auction in the coming days, this copy of the data will be sold, resulting in serious consequences for customers and will likely be publicly disclosed on forums in the near future”.

The hacker reacts to Free's email

In the opinion of cybersecurity researcher Clément Domingo, “this new publication is certainly in reaction to the email from Free, which he probably found lax… and which barely mentioned the compromise of IBANs”. Free was indeed careful not to warn its subscribers of the theft of IBANs in its email.

“Since their last press release, they have not been able to confirm that these were also compromised, unless this was a communications strategy to not scare away customers”, the hacker behind the breach jabs on BreachForums.

Shortly after the sample was put online, Xavier Niel's operator took the trouble to formalize the theft of IBANs in a second email communication. The group corrected the situation by simply adding IBANs to the long list of exfiltrated data.

The danger of compromised IBANs

The IBAN leak poses serious threats to Free customers. In a comment to 01Net, Marijus Briedis, chief technology officer of NordVPN, points out that the IBAN (International Bank Account Number), the international number that identifies a bank account, can serve as a starting point for a range of scams:

“The IBANs associated with subscriber identifiers and contractual data could facilitate a scam involving fake advisors. The latter could excuse a direct debit problem and request immediate payment by bank card by telephone or email.”

Worse, hackers can also take money directly from your bank account. Indeed, “with an IBAN and precise personal data, you can also issue direct debit orders”. In other words, cybercriminals can pretend to be you and ask your bank for authorization to debit your account.

As a reminder, Free notified the competent authorities shortly after the intrusion into its systems. The telecoms troublemaker indicates that the National Commission for Information Technology and Liberties (CNIL), the National Agency for Information Systems Security (ANSSI) and the public prosecutor have been contacted.

For Clément Domingo, it is about “biggest hack of a telephone operator in in the face of the hacking of SFR and the previous information breach suffered by Free. Like Free and SFR, many French companies have come under attack from cybercriminals in recent months. In the third quarter of 2024, data theft even accelerated, with 17.2 million accounts hacked. For Clément Domingo, the data of eight out of ten French people is circulating on black markets, at the mercy of cybercriminals…
