After several months of silence and investigations, the situation has taken a worrying new turn with the publication of this information in databases accessible online. The consequences for the operator's subscribers could be serious. Here's what we know and, above all, how to check if you are among the victims.
A confirmed and large-scale leak
The incident dates back to October 2024, when the Iliad group (Free's parent company) was targeted by a cyberattack. While Free had indicated at the time that "the investigation was ongoing" without providing concrete details on the extent of the damage, the reality is now much clearer. Several reliable sources, including the site Have I Been Pwned, have now integrated the stolen data into their databases, confirming that the leak is not only real, but also massive.
The compromised information includes names, postal addresses, telephone numbers, email addresses, dates of birth, and, most seriously, IBANs. On the other hand, passwords do not appear to have been included in the stolen data, which limits certain types of risks but does not eliminate the overall threat.
How do you know if you are affected?
The first thing to do is go to the website Have I Been Pwned, a leading service for checking data leaks. By simply entering your email address, you will immediately know if it appears in the files compromised during this attack. If the result is positive, you will also be informed of the types of data affected.
Note: if you are a Free customer and have not yet been contacted by the operator, this does not mean that you are spared. Free's communication has so far remained very discreet, forcing users to take proactive steps to protect themselves.
Even if no passwords have been exposed, the data in question may be enough to trigger sophisticated phishing campaigns. Fraudulent emails imitating Free, your bank, or an official organization may seek to extract other critical information from you. Identity theft is also a threat that should not be underestimated, especially if an IBAN has been leaked: unauthorized withdrawals are theoretically possible under certain conditions.
What to do in case of exposure?
If your email address is affected, it is advisable to change your passwords immediately, especially if you tend to reuse the same one across multiple services. Then, closely monitor your bank statements to detect any unusual transactions. If you notice anything suspicious, contact your bank immediately to block it.
Also pay close attention to messages received in the coming days or weeks. Scammers often use stolen data to target their scam attempts with great realism. If an email seems strange, do not click on any links and never provide sensitive information.
Finally, in the event of proven harm, you can file a complaint but also report the facts to the CNIL (National Commission for Information Technology and Civil Liberties), which can assist you in your efforts.
0 Comments