France’s leading internet service provider, Free S.A.S, has recently been hit by a cyberattack after an attempted sale of allegedly stolen company data surfaced on the dark web.
The confidentiality of sensitive client data was irreparably compromised when an unauthorized attacker exploited a vulnerable administrative tool.
Despite initial concerns, it was confirmed that neither passwords nor sensitive financial information, nor the contents of electronic correspondence (including emails, SMS messages, and voicemails), were breached during the attack.
Meanwhile, Free confirms that its network service providers have remained unaffected by this event.
Despite this, “drussellx” – the self-proclaimed hacker – publicly offered on a notorious dark web cybercrime forum a pair of pilfered databases stolen from Free: one containing sensitive information on over 19 million customer accounts and another comprising over 5 million International Bank Account Numbers (IBAN).
Free has sought to diminish the significance of the IBAN particulars leak, arguing that the information is insufficient to facilitate a direct debit transaction with a financial institution.
According to reports, hackers compromised sensitive data on October 17, 2024, which included clients’ personal information such as names, phone numbers, email and physical addresses, and dates of birth.
Free, reportedly boasting a subscriber base exceeding 22 million, remains mum on the exact number of clients affected by its recent data breach.
Customers who are involved with free services should take proactive measures to safeguard themselves against potential exploitation. These embrace:
- Users should strengthen their password security by ensuring they exclusively employ strong, unique passwords.
- Implementing multi-factor authentication whenever possible to significantly increase the difficulty for cybercriminals attempting to access accounts.
- Implement the latest security patches to ensure the system’s integrity and prevent potential vulnerabilities from being exploited?
- Be wary of clicking on suspicious links sent via text message or email, as they could trigger a phishing attack or malware download.
- Beware of suspicious communications claiming to come from a hacked company, as these could be scammers exploiting compromised account details to impersonate the organization.
- Recommend to friends and family that they adopt equivalent measures to bolster their security.
Following a reported safety breach, Free has promptly notified relevant authorities and regulatory bodies. The company anticipates issuing notifications to impacted customers via electronic correspondence within the next few days.
