Massive Pack Containing Details of 39 Million French Is for Sale on the Darkweb

• Someone is selling a massive aggregation of recent data leaks concerning 39 million French people.
• The details that are found in the 100k sample file include full names, emails, home addresses, and phone numbers.
• France has had several high-profile security incidents recently, but this is most likely unrelated to them.

France is going through the trouble of a large-scale data breach involving the full names, postal addresses, email addresses, and telephone numbers of 39 million people. That’s more than half of the entire population of the central European country, so the effects of the data leak are potentially massive, although many of the entries could be duplicates. The database appeared on the dark web as a listing on a marketplace recently, and the hacker offered a “small” list of 100,000 as a sample to intrigue potential buyers.

Damien Bancal of French IT news outlet ‘Zataz’ was tipped about the existence of the free sample, and he decided to take a look and try to figure out if the data is valid. Unfortunately, it appears that the information contained in the database is true and also seems to derive from various online sources. As such, it’s a compilation/aggregation of recent data leaks that concern French people and covers Paris, Marseilles, Lyon, and even smaller towns like Gerzat, Ussel, or Le Bourget.

The people who have had their names, emails, addresses, and phone numbers exposed now run the risk of getting scammed by phishing actors or fraudsters who engage in social engineering tricks. Moreover, the ground for brute force attacks has also been laid, as the actors now have some info to get started with. For now, the database hasn’t been added on any online checkers as it hasn’t been bought by anyone or leak in its entirety, so if you think you may be included, remain vigilant.

France has had some pretty dire cybersecurity incidents recently, but it is unlikely that this database is linked to them. A few days ago, the French Ministry of Foreign Affairs announced a hack that took place on August 10, 2021, resulting in the compromise of the national visas portal. On August 28, 2021, it was revealed that ‘Francetest,’ a data management platform that essentially links pharmacists that conduct COVID-19 tests in the country with the state medical information database, leaked the results of 700,000 tests along with full identities.