100,000 customer IBANs disclosed online

A hack that could be on an unprecedented scale! Last week, a hacker claimed to have siphoned off the personal data of almost all of Free's customers. The leak was confirmed by Xavier Niel's operator this weekend.


Updated 10/28/24:

Free confirms that it was the victim of a cyberattack that compromised the personal data and banking details of its customers, without revealing the extent of the leak. This weekend, the operator's subscribers received an email inviting them to be vigilant.

Free hardly mentions the scale of the hack, which must not have been to the taste of the hacker, who leaked online a sample of 100,000 IBANs out of the 5.1 million reportedly stolen. The hacker also indicates that a copy of the data is about to be sold for $70,000, the auction having started at $10,000.


What do you risk if your IBAN has been hacked?

We hear from all sides that a hacker can't do much with an IBAN. This is false when these bank details are cross-referenced with other personal data. In theory at least, a hacker cannot use your bank account without a signed direct debit mandate.

On X, the ethical hacker SaxX warns that with a simple IBAN, a hacker can create a SEPA direct debit mandate himself. Since banks are not perfect when it comes to security, some may let direct debits go through without checking with their customers. A hacker can also divert expected payments, such as a salary or the payment of a bill, from your account to his own.

It is therefore strongly recommended to monitor your accounts regularly. If you spot unauthorized bank debits, you must report them to your bank immediately, and within 13 months of the debit(s). The bank is obliged to reimburse you and can only challenge the claim if it can prove serious negligence on the part of the customer.



Original article from 10/22/24:

A 43.6 GB file has been put up for sale on the “Amazon of the dark web”, the ethical hacker SaxX warns on X, and it reportedly includes the personal data of more than 19 million Free Mobile and Freebox customers. A second file reportedly contains the IBANs of more than 5 million customers. This is reminiscent of the series of hacks that recently hit SFR.



The leak has not yet been confirmed by Free

As usual, the file put up for sale contains personal data, some of it sensitive, on the customers of Xavier Niel's operator. In addition to surnames, first names, telephone numbers and email addresses, other sensitive information reportedly appears in it, such as postal address, Freebox identifier and even bank details.

SaxX indicates, however, that this so-called hack should be taken with a grain of salt. The leak has not yet been confirmed by Free. For the moment, we only know that the hacking took place on October 17 and that the seller intends to transfer the files in one go through an escrow system, a cyber-intermediary system that guarantees the transaction of funds and data!

Last year, a hacker claimed to have hacked the data of 14 million customers, which Free strongly denied. This could therefore also be an attempt either to ransom the operator or to fool potential buyers.

This leak comes in a context where hacks are accumulating, both among operators and in our public services (Pôle Emploi, CAF, Connect, etc.). Let us also remember that Free is not a model in terms of cybersecurity. At the end of 2022, the operator of the Iliad Group was sanctioned by the CNIL for failure to protect personal data.


What should we do if we are affected by this leak?

If you are a Free customer and you have any doubts, don't wait to react! Here are the steps to take if your data is potentially published on the dark web. These reflexes should be adopted, both for individuals and for businesses:

  • Update all your systems: OS updates for your devices close security gaps. It is imperative to install them whenever possible, on smartphone, tablet and computer.
  • Use a password manager: one of the most common mistakes is using the same password for all your accounts. A password manager lets you create fairly complex passwords for each account and save them.
  • Enable two-factor authentication (2FA): it is an additional layer of security which takes the form of a second, simple and quick authentication step by email or SMS.
  • Be vigilant at all times: there are a few small reflexes to make automatic: never click on a suspicious link in an email or an SMS, check for suspicious connections on mailboxes and social networks, and take a daily look at your bank account to ensure that there are no suspicious transactions. This is all the more important after a leak of this type, because malicious people could use the data from the leak to impersonate your operator.
