French ISP Confirms Cyberattack, Data Breach Affecting 19M

  /     /     /  
Publicated : 23/11/2024   Category : security


French ISP Confirms Cyberattack, Data Breach Affecting 19M


In the latest attack against ISPs, second-largest French provider Free fell victim to unknown cyberattackers who attempted to sell the compromised data it stole from the company on an underground cybercrime forum.



Free, a French telecommunications company and the second largest Internet service provider (ISP) in the country, has disclosed a cyberattack it fell a victim to over the weekend. Its the latest in a line of attacks against ISPs and telcos of late.
A threat actor stole information from the companys internal management tool, gathering data on the companys subscribers, and attempted to sell the data on the Dark Web in a cybercrime forum, the ISP confirmed to Agence France-Presse (AFP) on Oct. 26.
The hacker, known as drussellx, posted a message on the forum, putting two databases stolen from the ISP company up for auction. The databases reportedly contained information on more than 19 million customer accounts, and more than 5 million international bank account details.
The bad actors gained unauthorized access to some of the personal data associated with the accounts of certain subscribers, according to Free, which has more than 22 million mobile and fixed subscribers. However, it stressed that no passwords, bank-card information, emails, SMSs, or voicemails were compromised, and that its services were not been impacted.
Internet service provider networks
 are increasingly being targeted by bad actors in attacks to steal data and set up base for new tactics and techniques. Take advanced persistent threat (APT) Salt Typhoon, for example, which has been targeting these networks in the US, likely due to the information they can garner, such as home addresses, billing information, SMSs, and more.
Another APT group, known as Evasive Panda (aka StormBambaoo and DaggerFly), also targets ISPs, using them as a launchpad to exploit software vendor update mechanisms by using
DNS poisoning
.
Now, in the wake of its own ISP attack, Free reports that it soon will be informing
impacted customers
via email regarding the breach. It has also filed a criminal complaint and informed Frances National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI).

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
French ISP Confirms Cyberattack, Data Breach Affecting 19M