Many users have received this email from free since this morning: it’s not a fake! In fact, Free was the victim of a cyberattack and therefore warned its subscribers.
A scale unknown at the moment
However, the latter would have been limited to certain subscribers (apparently quite a few of you have been affected, including me). In its email, the operator indicates that this attack led to unauthorized access to part of the personal data associated with your subscriber account: last name, first name, email and postal addresses, date and place of birth, telephone number, subscriber identifier and contractual data (type of offer subscribed, date of subscription, active subscription or not).
None of your passwords, no banking data, no content of communications would have been affected by the operation. However, we do not know exactly the extent of the latter…
As French law provides, Free indicates having filed a criminal complaint with the Public Prosecutor. He also notified this attack to the National Commission for Information Technology and Liberties (Cnil) and the National Information Systems Security Agency (Anssi).
Note that on September 19, SFR also informed its customers that it had been the victim of a leak of customer data (but the latter included bank details) following what it described as a security incident involving a tool management of its customers’ orders.