A hacker recently sold stolen data from Free, including customer IBANs, contrary to the company’s initial claims. Despite Free’s prompt acknowledgment of the breach, the hacker provided evidence of the theft, challenging the operator’s transparency. Following the attack, Free has urged customers to remain vigilant against potential scams and phishing attempts. The incident raises significant concerns about data protection and customer trust, especially in light of previous breaches affecting other operators like SFR.
Let’s get started! Free’s customers are receiving important notifications.
As Xavier Niel immerses himself in TikTok and fills the Olympia for personal satisfaction, one has to wonder if he has lost sight of fundamental ICT practices. A hacker has decided to disrupt Free significantly.
Recently, this hacker announced the sale of data stolen from Free, with the company initially silent about the breach.
It didn’t take long for Free to send emails to its customers admitting there had been a data breach.
Was the audit too quick?
Critics are questioning whether the audit may have been rushed or aimed at downplaying the severity of the breach. In its initial communication, Free notably omitted mentioning that customers’ IBANs were involved, opting instead to focus on the penalties faced by the hacker. The hacker could potentially face a 5-year prison sentence and a fine of €150,000, according to the operator’s statement.
In a follow-up email to customers, Free confirmed that personal details such as last names, first names, addresses, and phone numbers were compromised, but reassured customers that their banking details, especially IBANs, were safe.
However, the hacker showed proof of their claims by releasing a sample of 100,000 stolen IBANs, arguing that Free was trying to downplay the extent of the cyberattack.
A ‘warning’ from the hacker
The hacker, known as SaxX on X, revealed, “Last night at 4:30 AM, the cybercriminal behind the Free attack released a sample of 100,000 IBANs out of the 5.11 million they claim to possess.” This release seems to be a direct response to Free’s earlier email, which the hacker deemed insufficiently serious about the IBAN issue.
Additionally, it has been reported that the complete database is up for sale at a price of $70,000, having started at €10,000!
The hacker refers to this move as a “warning,” aimed at reassuring subscribers that their bank details might indeed be at risk, contrary to Free’s assurances. Reports indicate that the data continues to be available for purchase.
Is an IBAN a cause for concern?
Following this revelation, Free sent another email clarifying that banking information was indeed among the stolen data.
The updated communication stated, “This attack led to unauthorized access to some personal data associated with your subscriber account, including surname, first name, email and postal addresses, phone number, subscriber ID, IBAN, and contract details (subscription type, start date, current status).” Free emphasized that no passwords were compromised.
While the company noted that merely having an IBAN doesn’t grant access to direct debits without additional permissions, it is crucial to understand that published IBANs can be exploited in intricate fraud schemes. This incident raises legitimate concerns about customer trust in the company’s data protection measures.
Just last month, SFR also suffered a similar data breach, losing customer IBANs in the process.
Advice for Free subscribers
In light of this situation, Free advises its customers to remain alert due to an increased risk of phishing and other online scams that could exploit their personal information.
“We urge you to maintain a high level of vigilance against fraudulent emails, SMS, or phone calls. Please remember, our representatives will never request your passwords verbally,” emphasizes Free.
Customers are encouraged to visit the Cybermalveillance.gouv.fr website for support if they suspect they may be victims of fraud, and to utilize the toll-free helpline at 0805 921 100 for assistance.