Hacking Incident: Online Leak of 100,000 Customer IBANs Confirmed

Free has confirmed it suffered a significant cyberattack affecting customer data, including bank details. Over 5 million IBANs may have been stolen, with a hacker auctioning the data for $70,000. While some believe IBANs alone pose little risk, ethical hacker SaxX warns they can enable unauthorized direct debits when combined with personal information. Customers are urged to monitor their accounts closely and report any suspicious activity to their banks to ensure reimbursement.

Update as of 10/28/24:

Free has confirmed it fell victim to a cyberattack that compromised its customers’ private data, including banking details, but has not disclosed the full scope of the breach. This weekend, subscribers received an email advising them to remain cautious.

While Free has been vague about the hack’s severity, a hacker has leaked a sample of 100,000 IBANs from an estimated total of 5.1 million stolen records. The hacker also mentioned that a complete set of this data is up for sale at a starting price of $10,000, with bids already reaching $70,000.

Understanding the Risks of a Hacked IBAN

There’s a common misconception that hackers cannot exploit an IBAN. This is misleading, especially when these financial details are combined with other personal information. In theory, a hacker needs a signed direct debit authorization to access your bank account.

However, ethical hacker SaxX warns that a hacker can generate their own SEPA direct debit using just an IBAN. Some banks may not verify direct debits thoroughly, potentially allowing unauthorized withdrawals. Additionally, a hacker could reroute expected payments—like salaries or invoices—to their own account.

It’s crucial to regularly check your bank accounts. If you notice any unauthorized transactions, report them immediately to your bank, ideally within 13 months. The bank is obligated to reimburse you unless they can prove that you exhibited gross negligence.

Original article from 10/22/24:

An ethical hacker named SaxX has reported the sale of a massive 43.6 GB file on the “Amazon of the dark web,” which allegedly contains the personal information of over 19 million Free Mobile and Freebox customers. A separate file reportedly lists the IBANs of more than 5 million customers, a situation reminiscent of recent breaches suffered by other providers like SFR.

The Breach Has Yet to Be Verified by Free

As is often the case, this malicious file contains sensitive personal information from customers of Free. In addition to names, phone numbers, and email addresses, it reportedly includes postal addresses, Freebox IDs, and banking information.

However, SaxX cautions that this potential hack should be approached with skepticism until confirmed by Free. The breach is said to have occurred on October 17, and the seller plans to exchange these files using an escrow service that ensures the security of both data and payments.

Last year, a hacker claimed to have accessed the data of 14 million customers—a claim Free strongly denied. This incident may also be an attempt to extort the operator or mislead potential buyers.

This data breach is part of an alarming trend as cyberattacks are increasing, affecting both telecommunications companies and public services like Pôle Emploi, CAF, and FranceConnect. It’s important to note that Free has faced criticism for its cybersecurity practices; in late 2022, the CNIL penalized the iliad Group for inadequate data protection measures.

Steps to Take If You May Be Affected

If you’re a Free customer and have concerns about your data being compromised, act promptly! Here are recommended actions to take if you fear your information has been exposed on the dark web—these precautions apply to both individuals and businesses:
