Last October, Free was the victim of a major cyberattack. Cybercriminals managed to steal the data of 19 million subscribers and five million IBAN addresses. With the help of an internal accomplice, the hackers gained access to a management tool. One thing led to another, and they were able to exfiltrate the operator's customer information.
Have I Been Pwned adds stolen data to Free
Several months after the incident, all Free subscribers can now find out for sure whether their data was compromised during the intrusion. Have I Been Pwned, the open-source site that allows all Internet users to check whether their personal data is secure, has just added all the information stolen during the hack to its directory.
As Troy Hunt, the security researcher behind the initiative, points out, Free's data ended up being publicly disclosed on criminal markets on the dark web. Initially put up for sale, the data ended up being shared en masse on platforms frequented by cybercriminals. This is why the researcher was able to recover it, as is his habit, to warn and inform those affected.
In detail, Have I Been Pwned has acquired 14 million email addresses, postal address details, dates of birth, and telephone numbers of Free subscribers. The site has also listed a large number of IBAN addresses linked to the compromised identities. In a post on X, Troy Hunt states that 59% of the information hacked last fall was already recorded on his platform.
Note that a service like Have I Been Pwned is illegal in France and in the European Union. As researcher Clément Domingo points out, European law does not allow access to compromised data, even for verification purposes, as HaveIBeenPwned does. The law considers this to be an unauthorized dissemination of personal data, which is strictly prohibited. The CNIL (National Commission for Information Technology and Civil Liberties) considers that the processing of data from a leak, without the consent of the data subjects, constitutes a violation of the General Data Protection Regulation (GDPR).
How do you know if you were hacked during the Free hack?
To check if your email address was hacked during the cyberattack against Free, simply enter it on the website Have I Been Pwned?. The platform will check whether information related to the address is in its directory. If not, a green message will appear on the screen. If you have been hacked, a red warning will be displayed. The platform will specify during which leaks your address was compromised. The site also reveals all compromised information linked to the address, such as your name, postal address, and IBAN number.
You will then be advised to take appropriate measures to protect yourself, such as changing your passwords. The Have I Been Pwned service, which has become essential over the years, does not store your address and does not access any passwords associated with the data consulted. You can therefore use it without the slightest fear. On the site, the Notify Me tab allows you to sign up to receive an alert as soon as one of your email addresses appears in a new data leak. We recommend that you sign up to avoid unpleasant surprises.
0 Comments