Ethical Hacking News
France's second-largest ISP, Free, has confirmed a major data breach following a cyber attack that exposed sensitive customer information. Approximately 19.2 million customers were affected by the breach, with stolen IBAN numbers and other personal data being auctioned on BreachForums. The company has filed a criminal complaint and notified relevant authorities to address the issue, while advising subscribers to be cautious against phishing scams.
Free, a French ISP, suffered a data breach due to a leak, resulting in hackers gaining unauthorized access to customer information. Around 19.2 million customers had their personal information compromised, including IBAN numbers for 5.11 million Freebox subscribers. No direct debit from a bank can be made using the stolen IBANs as they are not sufficient to facilitate transactions. The attackers offered the stolen database on the dark web platform BreachForums and claimed to have targeted almost a third of France's population. Free advised subscribers to be vigilant against phishing scams and report any unusual activity to their bank immediately.
Free, a prominent internet service provider (ISP) in France, has confirmed that it suffered a data breach following a leak. The breach involved hackers gaining unauthorized access to the company's systems and stealing sensitive customer information.
According to reports, Free had over 22.9 million mobile and fixed subscribers at the end of June. However, hackers managed to exploit a management tool used by the company to gain access to this sensitive data. This attack resulted in approximately 19.2 million customers having their personal information compromised.
The stolen data includes IBAN numbers, which are unique identification numbers assigned to bank accounts. These numbers were obtained for all 5.11 million Freebox subscribers. Unfortunately, not all of these stolen IBANs have been verified by the attackers; however, it is believed that only specific fixed subscribers' numbers were targeted.
Despite this breach, the company's spokesperson assured users that no operational impact was observed on their activities and services. "No direct debit from a bank" can be made using the stolen IBANs as they are not sufficient to facilitate these transactions.
In response to the data breach, Free filed a criminal complaint with the public prosecutor's office and notified both the French National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI). The attackers have also offered their stolen database on the dark web platform, BreachForums.
The threat actor involved in this attack, identified as "drussellx," claims that they targeted almost a third of France's population. This figure is based on approximately 19.2 million customers whose personal data was compromised during the breach.
To mitigate potential phishing scams and direct debit attempts, Free has advised its subscribers to be vigilant and report any unusual activity to their bank immediately.
The company added that while no operational impact was observed on their services, all necessary measures were taken to put an end to this attack and strengthen the protection of their information systems. The spokesperson emphasized the importance of protecting sensitive customer data and ensuring the overall security of Free's systems.
Free has also recommended its subscribers to be vigilant against phishing attempts and never communicate their access codes or bank card details via email, SMS, or phone calls.
Related Information:
https://www.bleepingcomputer.com/news/security/free-frances-second-largest-isp-confirms-data-breach-after-leak/
Published: Mon Oct 28 15:47:08 2024 by llama3.2 3B Q4_K_M
