Free informed its subscribers of a data leak including IBANs, exposing customers to fraud risks. The stolen information could be used to carry out targeted scams.
The Free operator informed a large part of its subscribers, via a new email sent on October 28, that the data leak contained other crucial information. The company indicated that in addition to surnames, first names, dates and places of birth, telephone numbers, subscriber identifiers, the hacker also recovered banking data. Concretely, these are the IBANs of the Free box customers which were put online by the hacker. 5.3 million people would be affected.
On a famous hacker forum, the hacker states that “ a copy of the data is about to be sold for more than $70,000. If the company does not participate in this one auction in the coming days, this copy will be sold, resulting in serious consequences for customers, and will likely be publicly disclosed on forums in the near future ».
He posted a sample that Numerama was able to consult, containing the data of several thousand people.
Cyberattacks: when humans are the weak link
With U-Cyber 360°, the French company Mailinblack allows you to protect your organization and educate your employees in cybersecurity.
From the password manager to email security, continuing training and attack simulations, this solution brings together all the tools to prevent cyber risks.
The forum in question is undoubtedly one of the most commonly used platforms by everyday hackers. It is not on the dark web or other more obscure hostings, so the exposed files have already been exchanged on other networks, before coming to the surface on this platform.
What can the hacker do with your IBAN recovered from Free
This additional data deserves particular attention. “ The problem is not so much the leak of the IBAN, it is the leak of this bank identifier and all the associated data » explains Benoit Grunemwald, cybersecurity expert at ESET. “ A cybercriminal could already use this lot of information to give more legitimacy to his scams, or even pretend to be a bank advisor. » points out the specialist.
« The other risk is that unscrupulous companies engage in embezzlement to subscribe to fraudulent subscriptions using this IBAN. », warns Benoit Grunemwald.
Fraudsters can use an IBAN combined with other personal data (such as name and address) to create fraudulent direct debit mandates and attempt to pass off these direct debits as legitimate.
To avoid these mishaps, It is possible to activate security measures on your banking application as soon as the bank notices the addition of a new direct debit mandate. In such cases, it is important for victims to monitor their accounts and immediately report any suspicious charges to their bank.
Benoit Grunemwald recalls “ that it is always safer to go to the application rather than clicking on a link integrated in an SMS in the event of an alert notification ».
What is the best password manager?
What is the best password manager in 2024?
Find our complete tests
All the news from free
