This could be the final twist in the case surrounding the large-scale cyberattack against Free. Questioned by a specialized site, one of the two hackers behind this hack revealed that the siphoned data was ultimately not sold. The aim of this attack is completely different…
A glimmer of hope for Free subscribers? While the victims of the cyberattack have just learned that the CNIL will not help them file a complaint, one of the hackers responsible for the incident has spoken out about this massive data leak. According to him, the stolen data was never sold, contrary to what was claimed last week.
Also read:
Free Piracy: the abandoned complaint form, instructions for protecting your rights
We can take a breath
Contacted by the specialized site DataBreaches“YuroSh” wished “ clarify some details » about the Free cyberattack. To prove his involvement, the hacker even sends his interlocutors personal information about Xavier Niel as well as message exchanges with a second hacker with whom he carried out this operation, “drussellx”.
Until then, we believed that the file containing the personal data of more than 19 million customers, including 5.1 million IBANs, had been auctioned for $175,000 on the “Amazon of cybercrime.” According to YuroSh, this data was never sold, the hackers having other objectives in mind.
For drussellx, this hack was to be used to extort Free by forcing the operator to buy back this data. But YuroSh, whose profile is closer to that of a “hacktivist”, rather wanted to denounce the recent global surveillance policies in France. Remember that the Government intends to generalize and perpetuate algorithmic video surveillance (VSA), which was originally a temporary security measure during the Olympic Games.
France has become the first country in Europe to legalize biometric surveillance, supposedly for public safety during major events like the Olympics. […] This is not about public security, but about the gradual normalization of mass surveillance.
EuroSh
These clarifications come very late. Remember that the Free hacking took place on October 17, about twenty days ago. The hackers were probably waiting for the incident to gain more media attention to force Free to review the security of its infrastructures and its compliance with the GDPR, but also to get their message across.
I’m not a saint but I hope that the Free incident will finally wake up the French to the reality of mass surveillance and that they will fight against it. […] I hate surveillance and think the only way to wake them up is to hack them. Otherwise, things don’t change.
EuroSh
We can question the discourse, we can also question the way things are done. Nothing says that this cyberattack could change anything regarding the VSA.
However, it is undeniable that these hackers have indeed “awakened” us to the vulnerability of our data and the lack of resources that certain companies use to protect it. Free has joined a long list of victims because of these failings, after the attacks by SFR, France Travail, EDF, Boulanger, Cultura, etc…
Also read:
Free and SFR Piracy: are you one of those affected?
Hackers had already alerted Free to its security flaws
In addition to these clarifications, YuroSh reveals that it reported security vulnerabilities to Free two years ago. Signals apparently ignored because hackers allegedly “ sent millions of requests over several weeks“. And this after the operator of the Iliad Group was condemned by the CNIL for failure to protect personal data.
The fact remains that the leak of personal data of millions of customers is very real. When asked what will happen to this data, YuroSh replies that he plans to keep it or destroy it. Nothing is certain, so caution remains in order.
Also read:
Stolen IBAN: what are the risks if your banking details leak online?
