And yet another new hack for SFR! Hackers have posted 3.6 million customer data online on Telegram. For its part, the operator denies the intrusion, attracting the wrath of pirates!

And yet another new hack for SFR! Hackers have posted 3.6 million customer data online on Telegram. For its part, the operator denies the intrusion, attracting the wrath of pirates!

Like all Internet operators, SFR constitutes an attractive target for cybercriminals due to the colossal amount of personal information that the ISP possesses on its numerous subscribers. Also, when it comes to hacking, panic quickly arises! Recently, SFR subscribers have regularly paid the price. Last July, a hacker put 1.4 million customer data up for sale on a famous hacking forum. Then, at the end of August, 50,000 new customer files were found again in the wild, following a “security incident” on a tool used by one of the operator’s partners. Rebelote last September, where, this time, it was the IBANs, SIM card numbers and addresses of customers that were found in the wild (see our article).

The operator is definitely out of luck since, on November 24, the French cybercriminal group Near2tlg announced that it had stolen the personal data of 3.6 million SFR subscribers. It’s starting to get a lot…

SFR piracy: when there are no more, there are still some

Names, first names, dates of birth, email addresses, postal addresses and telephone numbers were thus stolen. This information can be combined with other data leaks to orchestrate phishing attacks or impersonate customers. A sample was posted on the hackers’ Telegram channel, while the rest was put on sale for 500 euros in cryptocurrencies.

However, the operator denied this new hack. According to SFR, the information actually comes from the cyberattack of which he was the victim last September. A statement which did not fail to irritate the hackers, whose reaction was radical to say the least. They simply decided to distribute the entire stolen database on Telegram for free.

On its channel, the hacker group said: “SFR prefers to lie to its customers by saying that we resell the same data… Firstly it’s a lie, secondly it gives us bad publicity. This cannot go unpunished, so help yourself my brothers!!!“. It’s a matter of honor, the ISP’s statements giving them bad publicity.

SFR hacking: the operator denies the intrusion into its database

For cybersecurity researcher Clément Domingo, Near2tlg was able to get his loot by hacking management software called SIBO360. The hackers took the opportunity to point out that a database of 150,000 pieces of information relating to SFR subscribers is still on sale. These come from the September cyberattack and contain, among other things, the IBAN and RIB of customers – therefore much more sensitive data.

There are fears of phishing campaigns in the coming weeks. Indeed, when they get their hands on databases, scammers use personal information to adapt their traps and make their messages more credible, including by pretending to be your operator – here, SFR in this case.

If you are a subscriber of the operator, be extra vigilant in the coming weeks and as always, do not hastily respond to emails, SMS, calls, and even registered letters whose sender you do not know or which appear to you suspects. Take the time to verify the identity of the person you are talking to before doing anything!