Recent insights from hacker “YuroSh” provide a glimmer of hope for Free subscribers affected by a major data breach. Contrary to previous reports, he asserts that the compromised data has not been sold, revealing the hackers aimed to extort Free instead. YuroSh identifies as a “hacktivist,” protesting against increasing surveillance in France. This incident underscores the vulnerabilities in data protection, as Free joins other organizations that have faced similar breaches, raising concerns about the future of the stolen data.
A Glimmer of Hope for Free Subscribers?
Recent developments offer a sliver of hope for Free subscribers grappling with the aftermath of a significant cyberattack. While victims have been informed that the CNIL will not assist in filing complaints, one of the hackers involved has come forward to shed light on the extensive data breach. Contrary to earlier claims, he asserts that the compromised data has not been sold.
Insights from the Hacker
In a conversation with the cybersecurity platform DataBreaches, the hacker known as “YuroSh” aimed to clarify several points regarding the cyber incident. To demonstrate his involvement, he shared personal details about Xavier Niel and exchanges with another hacker, “drussellx,” who collaborated in this attack.
Initially, it was believed that the database containing sensitive information from over 19 million customers, which includes 5.1 million IBANs, was up for auction at a staggering $175,000 on a cybercriminal marketplace. YuroSh contends, however, that the data has never been sold, indicating that the hackers had alternative motives.
For drussellx, the purpose of this hacking was to extort Free, compelling the operator to repurchase the stolen data. In contrast, YuroSh, who identifies more as a “hacktivist,” aimed to protest against the rising global surveillance measures in France. This comes as the government is looking to expand and extend algorithmic video surveillance (VSA), which was initially a temporary security protocol during the Olympic Games.
Awakening Awareness Among the Public
These revelations arrive rather late, as the Free hacking incident reportedly occurred on October 17, nearly three weeks ago. It appears the hackers were strategically waiting for media coverage to escalate, pressuring Free to enhance the security of its systems and adhere to GDPR regulations while simultaneously conveying their message.
While one may debate the methods employed, the reality remains that this cyberattack has indeed highlighted the vulnerabilities in our data protection. Free now joins a growing list of organizations that have suffered due to inadequate security measures, following similar breaches affecting SFR, France Travail, EDF, Boulanger, and Cultura.
YuroSh also revealed that he had previously alerted Free to security vulnerabilities two years ago, warnings that seemingly went unheeded. Following a CNIL ruling against the iliad Group for insufficient data protection, the breach of personal information from millions of clients and the public exposure of 100,000 IBANs are indisputable.
When questioned about the future of this sensitive data, YuroSh stated that he intends to either retain or destroy it, leaving its fate uncertain. Therefore, it is prudent for individuals to remain cautious in light of these developments.