Breach Intelligence Report 26 Aug 2025

Free.fr Data Breach: 8 Million French ISP Records Exposed

HEROIC
HEROIC Threat Intelligence Team
Email Address Phone Number Birthday First Name Last
Your email may be in this breach. Check in 5 seconds — free, no signup required.
Scan Email →
Records Exposed 8,038,688
Source Type Database
Origin Telegram
Password Type No Passwords

HEROIC's DarkHive intelligence system uncovered the Free.fr database breach, which exposed 8,038,688 records from the major French internet service provider. The incident occured in October 2024 and was first detected on October 21, 2024, when a database dump containing detailed customer information appeared on breach forums and Telegram channels. The exposed records included email addresses, phone numbers, full names, and dates of birth belonging to millions of Free.fr subscribers across France.


Why This Is Dangerous

Free.fr is a primary ISP and telecommunications provider for millions of French households, meaning the data in this breach represents the digital identity of a significant portion of France's internet-connected population. With full names, phone numbers, email addresses, and dates of birth all exposed together, attackers have everything needed to conduct convincing impersonation, account takeover, and social engineering attacks. The combination of contact and identity data enables criminals to bypass knowledge-based authentication questions and convincingly pose as victims to banks, insurers, and government agencies.


What Was Exposed

  • Email Addresses
  • Phone Numbers
  • Dates of Birth
  • First Names
  • Last Names

Why This Matters

When 8 million people's contact and identity details are released on criminal forums, the downstream risk extends far beyond the ISP itself. Phishing campaigns using recieved personal details become dramatically more convincing because attackers can address victims by name, reference thier service details, and tailor messages to thier known demographics. Affected users face elevated risk of SIM-swapping attacks, where criminals use the stolen personal data to convince mobile carriers to transfer control of a phone number, bypassing two-factor authentication on banking and email accounts. Organizations with French employees or customers should also be aware that social engineering attempts targeting those individuals may now be more sophisticated.


How Database Breach Works

Database breaches typically occur when attackers exploit vulnerabilities in web application code, gain access through compromised administrator credentials, or find misconfigured database servers exposed to the internet. Once inside, they use SQL injection or direct database access tools to export entire tables of customer data. The extracted data is then compressed and sold on criminal forums or posted publically as leverage against the organization. ISPs are high-value targets because they hold verified contact information and billing data on large numbers of customers, making the stolen data immediately useful for fraud.


Check If You Are Affected

HEROIC offers a free identity scanner that searches over 400 billion records, including data from breaches like the Free.fr incident from October 2024. Visit heroic.com to scan your email address and find out if your personal information was exposed in this or any other known data breach.

Breach Breakdown

Domain N/A
Leaked Data Email Address,Phone Number,Birthday,First Name,Last Name
Password Types No Passwords
Date Leaked 26 Aug 2025
Check in 5 seconds

8,038,688 passwords exposed. Is yours one of them?

Enter your email to scan this breach plus 400B+ other leaked records. If you're compromised, we'll show you exactly where and what to change.

All information submitted is Private and Secure. We do not sell or share email addresses. By searching, you agree to HEROIC's Privacy Policy and Terms of Service.

Free forever · No account required · Results in seconds

Private & Secure No Account Needed 3,010 scanned today
Breach Rank #401 by affected users
Impact Score
40
sensitivity + scale + recency
Est. Financial Impact $58.2M fraud, phishing & misuse risk
Scan your email Free →
Scan to sign up

Scan to sign up instantly

24/7 Dark Web Monitoring
Instant Breach Alerts
Secure Data Protection
Your Data is at Risk

Your Personal Information is Exposed

We found your data exposed in multiple breaches. This includes:

  • Email addresses
  • Passwords
  • Phone numbers
  • Financial information
Secure My Information Now

Your information is protected by enterprise-grade security

Your Breach Details

Date:
Severity:
Records Exposed:

Your Exposed Information

Your Risk Level

How This Affects You

Full Breach Details

Premium Insights

Unlock Critical Security Information

Create a free account to access:

  • Full Breach Impact Analysis
  • Identity Theft Risk Score
  • Exposed Credentials Details
  • Personalized Security Recommendations
Create Free Account

Identity Theft Risk Score

Risk Score: 8.7/10 - Critical

Data Exposure Analysis

Passwords Critical
Financial High
Personal Medium
Social High
Security Critical

Breach Timeline Analysis

March 2024 Multiple credentials exposed in recent data breach
January 2024 Password found in dark web marketplace
December 2023 Personal information leaked in major security incident

Security Recommendations

High Priority
Password Security

Critical: Change compromised passwords immediately and enable 2FA on all accounts

Important
Financial Protection

Monitor credit reports and set up fraud alerts with major credit bureaus

Recommended
Identity Protection

Enable advanced identity monitoring and dark web surveillance