A hacker stole subscribers’ personal data

A hacker has taken over a database of free subscribers. This file, for sale on a secret forum, contains sensitive information, potentially sparking a wave of scams and phishing attacks.

Our colleagues from Zataz discovered that a hacker had put the personal data of Free customers up for sale. The hacker, who calls himself Dépressive, claims to have gotten his hands on a database related to… 14 million subscribers Operator in France. On a cybercrime forum, he explains:

“One of the largest ISPs in France, with over 14 million customers. I am only selling a copy of this data.”.

In the ad, this is specified The copy will be sold to one person only For several hundred dollars in cryptocurrencies. Unsurprisingly, the hacker requested payment in Monero, an anonymous digital currency. Unlike Bitcoin, where transactions are public and traceable, Monero allows for completely anonymous trading. The identities of the sender and recipient are hidden, as well as the transaction amount. This is why cryptocurrencies are widely used by hackers.

Read also: After the riots, hackers leaked the data of 1,000 French judges

Sensitive but outdated information?

The database weighs 2.9 GB Sensitive informationSuch as name, phone number, email address and residence address. The hacker was careful not to mention the source of the stolen data. For Zataz, the information can come from the operator’s call center or API.

Using this data, a cybercriminal can easily deploy tailored phishing attacks. By bringing up verified information about his targets, a hacker can assuage his victims’ distrust and, ultimately, succeed in stealing money from them.

Zataz’s report also points out the risks associated with spam. Concretely, subscribers can be contacted by a criminal posing as a banking advisor. We can also imagine a hacker usurping your free customer service identity. By manipulating the person they are talking to, a hacker can attempt to extort banking details, such as credit card numbers. This type of fraud is particularly common.

In addition, it is also possible to use the data for implementation Brute force attack. In practice, the cybercriminal uses algorithms that will try all possible combinations to decrypt your password. There are programs that, depending on the complexity of the password, can hack an online account in minutes or hours. To coordinate such an attack, the only element required is your email address.

To prove his point, the seller posted it online Sample of data. Zataz experts have carefully examined this to determine its validity. Oddly enough, the file is only listed “Parisians residing in the 18th and 19th arrondissements”. Above all, it appears that at least part of the stolen data is no longer relevant. Many of the customers listed reveal that they canceled their free subscription years ago. Others specify that the residence address is no longer valid. The data may be several years old.

source :

Zazz