Search TorWire

Find cybersecurity guides and research articles

Home > News > Deep Web > Threat Actor Claims Sale of 19 Million Free.fr Customer Records on Dark Web

Threat Actor Claims Sale of 19 Million Free.fr Customer Records on Dark Web

By: Morgan Cipher Senior Privacy Journalist

Last updated: June 12, 2026

Human Written
Threat Actor Claims Sale of 19 Million Free.fr Customer Records on Dark Web
  • A threat actor is selling an alleged Free.fr customer database containing over 19 million records on the dark web.

  • The dataset includes full names, phone numbers, postal addresses, dates of birth, and detailed account information.

  • Telecom providers remain prime targets because subscriber data fuels identity theft, phishing, and SIM-swapping attacks.

A threat actor is advertising what appears to be a stolen customer database belonging to Free.fr, one of France’s leading telecommunications providers. The seller is pushing the dataset on a dark web marketplace, and if the claims hold up, millions of French subscribers could face serious consequences.

The listing claims the dataset holds more than 19 million records. According to the advertisement, the exposed information covers nearly everything a criminal needs to impersonate or target a subscriber.

Full names, email addresses, mobile phone numbers, postal addresses, and dates of birth all appear in the dataset. The data also reportedly includes customer account identifiers, subscription and service details, account activation information, and internal account references.

Daily Dark Web, which first flagged the listing, has not independently confirmed the dataset’s authenticity or the accuracy of the seller’s claims.

Hacker Puts Free.fr Subscriber Data Up for Sale

Telecommunications companies store enormous volumes of personal and account-specific data, and that makes them a consistent target. Security analysts note that subscriber databases carry special value in criminal markets, not just for straightforward identity theft, but for more sophisticated attacks like SIM swapping.

SIM swapping allows a criminal to convince a mobile carrier to transfer a victim’s phone number to a new SIM card. Once the attacker controls that number, they can bypass two-factor authentication and break into bank accounts, email inboxes, and other sensitive platforms. A dataset as detailed as the one allegedly taken from Free.fr hands gives attackers exactly what they need to pull this off.

The timing of this listing also fits a broader and increasingly alarming pattern. Earlier this year, researchers uncovered 16 billion login credentials spread across 30 separate databases, making it one of the largest credential exposures on record.

According to the Cybernews research team, the discovery pointed to something far more troubling than recycled old data. The researchers described it as a blueprint for mass exploitation, noting that the records followed the clean structure of modern infostealer malware output, including URLs, login credentials, and passwords bundled together. They added that the data carried all the hallmarks of fresh, immediately usable intelligence rather than stale archived leaks.

The Free.fr database, if genuine, slots directly into this environment. Fresh subscriber data, combined with billions of already-circulating credentials, gives cybercriminals a powerful toolkit for targeted fraud.

What the Stolen Data Means for Subscribers

The categories of data allegedly included in the Free.fr listing cover almost every angle of a subscriber’s identity. Names and email addresses alone enable phishing campaigns. Adding phone numbers opens the door to SMS-based fraud and SIM-swap attacks.

Layering in postal addresses, birthdates, and account details makes it possible for a criminal to convincingly impersonate a subscriber, whether to customer service agents, financial institutions, or government bodies.

Analysts classify telecom breaches as particularly high-risk because the data functions like a master key. A criminal who knows your phone number, home address, and account details can build an attack that is far harder for a victim to detect or stop in time.

The risk is compounded by other massive breaches. 149 million passwords were exposed in a global cybersecurity breach, giving criminals even more tools for identity theft and credential stuffing.

Cybersecurity researchers consistently point to multi-factor authentication and strong, unique passwords as the first line of defense.

Researchers working on the 16 billion credential leak also warned that some exposed datasets contained session cookies and authentication tokens, which attackers can use to bypass two-factor protections entirely.

In those cases, changing passwords alone is not enough. Monitoring account activity closely and contacting your provider directly remains essential.

Telecom Sector Remains Under Sustained Attack

The Free.fr listing is not an isolated incident. Telecommunications providers across the world have faced repeated targeting in recent years. The combination of rich personal data, account credentials, and phone numbers in a single database makes telecom companies uniquely attractive to threat actors running identity fraud and social engineering operations.

Researchers also note a shift in criminal tactics. Cybercriminals are moving away from loose data-sharing on messaging platforms and toward structured, centralized databases that are easier to search and exploit at scale. According to a Cybernews analyst, this shift suggests that stolen data has matured into a commodity with its own organized market infrastructure.

Free.fr subscribers should stay alert for unusual account activity, unexpected SIM changes, or unsolicited contact from anyone claiming to represent the provider.

Share this article

About the Author

Morgan Cipher

Morgan Cipher

Senior Privacy Journalist

Morgan combines a journalist’s curiosity with a security specialist’s precision. His reporting on data breaches, privacy laws, and encryption tech has been featured in several tech publications. At TorWire, he focuses on real-world threats and how to counter them, always with an eye on what’s next in digital privacy.

Comments (0)

No comments.