Massive Data Breach at Free ISP Exposes Millions; Threat Actor Warns of Potential Data Leak

Major Data Breach at Free: Implications for Subscribers and the Telecom Sector

On October 26, 2024, Free, a prominent French Internet Service Provider (ISP) and a subsidiary of the Iliad Group, confirmed a significant data breach that has impacted millions of its subscribers. This alarming announcement followed a threat actor’s attempt to sell the stolen data on a cybercrime forum, raising serious concerns about the security of customer information. This incident is particularly troubling given the recent spate of cyberattacks targeting the French telecom sector, highlighting the vulnerabilities within critical infrastructure.

Details of the Breach

The breach at Free involved unauthorized access to an internal management tool, which allowed attackers to extract sensitive subscriber information. According to reports, the compromised data includes customers’ names, phone numbers, email addresses, postal addresses, dates of birth, and International Bank Account Numbers (IBANs) for some fixed-line subscribers.

Despite the scale of the breach, Free has reassured its customers that no highly sensitive information—such as passwords, bank card details, or the contents of communications like emails, SMS messages, or voicemails—was accessed. The breach was first exposed when a threat actor attempted to auction the stolen data on BreachForums, claiming to have access to information belonging to millions of Free’s subscribers.

The Scale of the Compromise

The data breach reportedly affects over 19 million users, with more than 5.11 million IBANs included in the stolen information. To substantiate their claims, the threat actor provided samples of the data, including screenshots and database headers, and offered potential buyers the opportunity to verify the database. The breach appears to have affected both Free Mobile and Freebox customers, with the stolen data dating back to October 17, 2024. Notably, the cybercriminal created their profile just a day before announcing the leak, suggesting a premeditated attack.

Threat Actor Increases Pressure on Free

On the same day Free confirmed the breach, the threat actor escalated the situation by posting a new message on a Dark Web forum, issuing a threatening ultimatum. The post included “100,000 lines of French IBANs from Free customers” and indicated that a copy of this data would be sold for over $70,000 if Free did not intervene in the auction. The threat actor hinted at “serious consequences for customers” if the data remained unsold, suggesting a potential public release of the information.

This additional threat amplifies the risks to affected customers, as the public exposure of sensitive information could lead to widespread misuse, identity theft, and further compromise of their privacy and security.

Potential Consequences and Risks for Free’s Subscribers

The implications of the breach are significant for both affected customers and Free’s reputation. With exposed data that includes IBANs and personal details, subscribers now face potential threats to their privacy and security. While Free has clarified that the stolen IBANs alone are insufficient for initiating unauthorized debits, the presence of such sensitive information could still fuel targeted phishing attacks and identity theft.

In light of this breach, organizations can benefit from enhanced cybersecurity strategies, including Dark Web monitoring and real-time alerts for exposed data. SOCRadar’s Advanced Dark Web Monitoring module can assist by tracking mentions of sensitive information on dark web forums and marketplaces, providing timely alerts when customer data or other critical assets are at risk.

Free’s Actions and What This Breach Means for the Telecom Sector

In response to the breach, Free has taken several steps to mitigate the damage. The company has strengthened its cybersecurity defenses, filed a criminal complaint, and alerted regulatory bodies, including CNIL (the French data protection authority) and ANSSI (the French National Cybersecurity Agency). Additionally, Free is directly notifying affected individuals and providing guidance on how to stay protected.

This incident highlights a pressing issue for the telecom industry in France and beyond—the security of customer management systems that hold vast amounts of sensitive data. With multiple recent attacks targeting French telecom providers, there is an urgent need for industry-wide standards to secure customer data and prevent unauthorized access.

Recommendations for Subscribers

In the wake of this breach, subscribers are advised to take proactive measures to protect their information. These include not clicking on suspicious links, not sharing sensitive information, securing their accounts with strong passwords, and enabling Multi-Factor Authentication (MFA).

Monitoring dark web forums and hacker channels can help organizations stay proactive, providing the insights needed to anticipate and counter potential security risks. SOCRadar’s Dark Web News service offers timely updates on hacker activity, helping subscribers stay informed about emerging threats.

Conclusion

The data breach at Free serves as a stark reminder of the vulnerabilities that exist within the telecom sector and the importance of robust cybersecurity measures. As the digital landscape continues to evolve, both companies and consumers must remain vigilant in protecting sensitive information. The implications of this breach extend beyond Free, underscoring the need for heightened security protocols across the industry to safeguard customer data against future threats.
