Free.fr ISP Data Breach Allegation - 14 Million User Records Exposed

Claim Summary

An actor using the alias “near” has posted an unverified claim on a dark web forum, alleging the public leak of a database belonging to the French internet service provider Free.fr. According to the post, the data originates from an alleged breach in October 2024. The threat actor claims the dataset contains approximately 14 million records and is offering it for download on the forum. The post includes a file hash and details about the compressed and uncompressed file sizes, but no direct samples of the data have been provided publicly in the claim.

What Is Allegedly Exposed

The threat actor claims the dataset includes a wide array of sensitive personal information. Purportedly, for each of the 14 million records, the data includes email addresses, full names, physical addresses, and phone numbers. More critically, the post states the data also contains dates of birth, genders, and, for many records, IBAN (International Bank Account Number) bank account details. The actor references a past statement from Free, allegedly advising that the exposed bank numbers were “not enough to make a direct debit,” though this detail cannot be independently verified from the post alone.

Threat Actor Profile

The post author, “near,” does not appear to be a widely recognized or established threat actor based on the provided information. The account’s reputation and history are unknown, which is a significant red flag. The post itself has been heavily modified by a forum automation tool, being edited 15 times, which could indicate standard template updates or attempts to refine the offer’s presentation. The lack of a known persona or proven track record in previous breaches lowers the immediate credibility of the claim, placing it in the category of requiring substantial corroboration.

Potential Impact

If the claims are true, the potential impact is severe. The alleged exposure of IBAN numbers alongside comprehensive personal identifiers like addresses, dates of birth, and phone numbers creates a significant risk for targeted phishing, social engineering, and financial fraud. This combination of data could be used to build highly convincing impersonation schemes against affected individuals. For the organization, Free.fr, a confirmed breach of this magnitude would represent a major reputational and regulatory incident, potentially triggering scrutiny under regulations like the GDPR in the European Union.

What to Watch For

1. Corroboration: Monitor other dark web sources and clear web security feeds for mentions of this specific dataset or the MD5 hash (AF28C4B294DF0F1430E6735EB9DF8E96) to see if other actors validate its existence.
2. Official Response: Watch for any official statement from Free.fr or French data protection authorities regarding this specific claim or a historical breach from October 2024.
3. Data Activation: Be alert for signs of the alleged data being used in targeted phishing campaigns or fraud attempts against French consumers, which could serve as indirect proof of its legitimacy.
4. Actor Behavior: Note if “near” posts further claims or samples to build credibility, or if the account disappears, which is common with low-credibility one-time posters.

Disclaimer

This report details an unverified claim from a dark web forum. The information presented here is based solely on the actor’s post and has not been independently confirmed by Yazoul Security or external sources. The existence of the breach, the number of records, and the specific data types involved are all alleged. The threat actor’s credibility is unknown. This report is for situational awareness and intelligence purposes only. Organizations should seek official channels for confirmation and individuals should rely on guidance from the potentially affected company or relevant data protection authorities.