SFR finds itself in turmoil again. This Sunday, November 24, 2024, the hackers of the collective Near2tlg indicated that they had stolen the personal data of 3.6 million SFR subscribers. To prove its claims, the gang posted a sample of the compromised data online on its Telegram channel, which has become very active in recent days.
The attack would be based on unauthorized access to SIBO360, management software used by SFRexplains researcher Clément Domingo on his X account. The data was put on sale for 500 euros in cryptocurrencies. According to the expert, this reduced amount should make it possible to attract dozens of buyers.
Contacted by a colleague from FranceInfoSFR denied the existence of a new hack. The operator “denies having been the victim of a new data leak” and suggests that the compromised information comes from the cyberattack that occurred in September 2024. Two months ago, 50,000 customer records were stolen by cybercriminals during a “security incident”.
Revenge of the SFR pirates
Obviously, SFR's denial annoyed the Near2tlg hackers. Hours after the company's denial, the hackers released the entire database on their Telegram channel. Cybercriminals have given up on monetizing the directory. This was shared for free and is now accessible to all Internet users.
“SFR prefers to lie to its customers by saying that we resell the same data… Firstly it’s a lie, secondly it gives us bad publicity. This cannot go unpunished, so help yourself my brothers!!! »announces Near2tlg on Telegram.
Among the data shared, we find the surname, first name, email address, full postal address, date of birth, and telephone number of subscribers. This information can be combined with other data leaks to orchestrate phishing attacks or impersonate customers.
We can expect an explosion of scams in the days and weeks to come, in the same way that the Free hack caused an increase in scams. In a reaction to 01Net, Marijus Briedis, CTO of NordVPN, points out that “disclosed telephone numbers are, for example, a boon for cybercriminals who will be able to access personal information such as passwords and banking data if they set up successful vishing or smishing operations”.
In the eyes of researcher Clément Domingo, “unfortunately we must believe that it was they who were right and that the communication from the telephone operator SFR did not correspond in any way with the 50,000 files from the previous hack dating back a few weeks”.
A new, increasingly active gang
In the process, the hackers specify that a database of 150,000 personal data concerning SFR customers is still for sale. As the gang explains on BreachForums, this information comes from the hack last September. This is a new compilation which includes in particular the IBAN and the bank identity statement.
This is not the collective's first attempt. Last week, the small French group put up for sale a database stolen from Direct Assurance, an online insurance company, a subsidiary of the AXA group, and the medical files of 750,000 French people.
“This free online posting for a question of reputation shows that there will be a sequel. It does not bode well for other companies which will be or have already been the target of these same hackers. The latter, for their part, gain credibility with possible future buyers,” relate Marijus Briedis.
Near2tlg is also responsible for the cyberattack against Le Point. On BreachForums, cybercriminals also put up for sale the data of several small entities, including a French SME. The group clearly does not intend to stop there. Among its next targets, Near2tlg highlights the SNCF…
???? To not miss any news from 01net, follow us on Google News and WhatsApp.
