A teenager was arrested in connection with a cybercrime investigation involving the sale of a telecom operator’s database and extortion attempts for ten million euros. Authorities suspect him of being a secondary actor in the scheme, which included ransom demands sent via Telegram. The database, containing sensitive information, was reportedly listed for sale on Breach Forums. The suspect has a history of legal issues related to hacking, raising suspicions about his connections to a known hacking group.
Teenager Arrested in Cybercrime Investigation
On Monday, a teenager was apprehended and subsequently taken into police custody, as reported by Le Parisien on Wednesday. Following this, a judge overseeing freedoms and detention placed him in an educational facility, according to AFP. Authorities from the cybercrime unit at the Paris police headquarters suspect him of orchestrating the sale of a database belonging to a telecom operator.
Ransom Demands and Motivations
Additionally, he is accused of attempting to extort a ransom of ten million euros from the company founded by Xavier Niel. The situation is not surprising given the profile of the suspect, who appears to be seeking recognition and notoriety. In a report aired on France 2, Johanna Brousse, head of the cyber section in the Paris prosecutor’s office, discussed various motives that drive cybercriminals, ranging from the pursuit of profit to the urge for validation on social media.
In a statement to AFP, the teenager’s attorney, Camille Lucotte, emphasized that her client was merely a “secondary actor” in the incident. She pointed out that the primary perpetrator of the hacking has been “clearly identified by investigators.”
The case began when a database containing 19 million lines belonging to the operator was listed for sale on the controversial forum Breach Forums by an individual known as Drusselx. The seller claimed the file included banking identifiers for 5 million individuals, a claim later substantiated by the prosecutor’s office.
Furthermore, four ransom messages were reportedly sent via the Telegram application to the company’s data protection officer and one directly to the founder, Xavier Niel, suggesting that the hacker intended to “leave the possibility for Free to buy its own database,” as noted by the investigating magistrate.
Initially, Free sought legal recourse, requesting Telegram to provide the phone number linked to the account, the IP address, and any details regarding a new account used by the hacker. The extent to which this information contributed to the individual’s arrest remains unclear, though it is likely that other evidence aided investigators in identifying the suspect.
Amidst this unfolding narrative, Drusselx claimed to have sold the database for $175,000. However, Le Parisien suggests the actual amount garnered was closer to 20,000 euros, a figure that appears more realistic. While BFMTV reports that Free may have paid the ransom, the identity of the actual payer has yet to be confirmed.
In a separate twist, an individual named YuroSh approached several journalists, including the author of this piece, claiming to be involved in the case. He provided examples of entries from the operator’s database to validate his claims and asserted that his intention was not to cause undue harm but to underscore a security flaw that Free had allegedly chosen to overlook, despite numerous reports.
The arrested teenager is not new to the legal system; he had previously been detained in June 2024 in connection with a data leak affecting Sport 2000 and the hacking of accounts belonging to the Altice group. The hacking incident involving the sports brand was attributed to a hacker known as “ChatNoir,” who is linked to the notorious collective Epsilon.
Although the Parisian judiciary has not confirmed whether the teenager involved in the Free hacking also operated under this pseudonym, it is highly probable that he is the same individual. Both cases reflect a common pursuit of fame in the cybercriminal landscape. In the fall of 2023, Epsilon attempted to elevate its profile by targeting Shadow, a French cloud gaming provider, which ultimately resulted in the arrest of “ChatNoir” during the spring.
This judicial setback has been described as a mere “small pause,” according to a message that was posted and later deleted on a Telegram channel. The Epsilon name, initially associated with infostealers—malicious software designed to capture passwords—has evolved this fall with the introduction of a new range of harmful services. It remains uncertain whether this name has been adopted by different cybercriminals or if it continues to represent the same group.