In the Darknet, two databases belonging to the French communications operator Free are up for sale, potentially exposing the personal data of over 19 million people, including more than 5 million IBAN bank details. The alleged hacking and data leak by a hacker known as Saxx occurred on October 17, 2024, compromising information such as names, addresses, phone numbers, date of birth, and email addresses.
The price of the databases is not specified in the announcement, with the seller urging potential buyers to use the escrow system for secure transactions. To prove authenticity, a fragment of the database and screenshots showcasing examples of the data are provided.
It is observed that the attacker’s profile was created the day before the announcement, a tactic commonly used by cybercriminals to avoid detection. It is also speculated that the leak could have been generated using artificial intelligence, a growing trend in cybercrime activities.
Free Mobile officially acknowledged the attack on October 26, confirming the breach but not commenting on the extent of the leak. The company reassured users that sensitive information like passwords, bank card details, and communication contents were not affected. They also assured that services were operational and measures were taken to bolster cybersecurity.
Saxx recommended that Free and other operators prioritize data protection by changing passwords, using password managers, implementing multifactor authentication, updating systems and applications regularly, being cautious with links from emails and SMS, and avoiding pirated software that could compromise data security.
Subscribers are advised to remain vigilant and educate their loved ones about potential risks associated with the data leak.