Massive Data Sale: Threat Actor D3f4c3rX Claims Possession of 160 Million French Mobile Records
The Incident: A National-Scale Data Exposure
A high-profile threat actor operating under the alias D3f4c3rX has sent shockwaves through the French telecommunications industry by announcing the sale of a database containing over 160 million verified mobile numbers. The data allegedly spans the nation's four major network providers:
- Orange (France's largest operator)
- SFR (Altice France)
- Bouygues Telecom
- Free Mobile (Iliad Group)
The actor is reportedly seeking $20,000 (approx. €18,500) for the full dataset, conducting negotiations exclusively via encrypted Telegram channels. While the population of France is roughly 68 million, the "160 million" figure likely represents a combination of active lines, historical records, and business accounts across all major carriers.
Context: A Summer of Telecom Vulnerability
This massive sale follows a series of confirmed cyberattacks that plagued French operators throughout 2025. This historical context provides weight to D3f4c3rX's claims:
- August 2025: Bouygues Telecom confirmed a breach impacting 6.4 million customers, exposing IBANs, contact details, and civil status.
- July 2025: Orange reported a cyberattack that caused service disruptions, though they initially denied large-scale data exfiltration at that time.
- Infrastructure Sabotage: During the 2024 Paris Olympics, physical sabotage of fiber-optic cables across six regions demonstrated the vulnerability of the national network.
What Information is at Risk?
According to the seller's listing, the database is highly organized and "verified." The leaked information typically includes:
| Data Field | Risk Level | Impact for the Victim |
|---|---|---|
| Mobile Phone Numbers | High | Vulnerability to SMS phishing (Smishing) and SIM swapping. |
| Network Identification | Medium | Allows attackers to target specific carrier-related scams. |
| Subscriber Verification | High | Confirms the number is active, making it more valuable to scammers. |
| Location Metadata | Medium | Potentially linked to regional prefixes or contractual addresses. |
Profile of the Attacker: D3f4c3rX
Threat intelligence suggests that D3f4c3rX is an established data broker in the cybercrime underground. Unlike "script kiddies," this actor focuses on bulk data acquisition and rapid monetization through high-traffic Telegram "Leaked Data" markets. The use of a fixed $20,000 price point—relatively low for 160 million records—suggests the actor is looking for a quick sale, which often leads to the data being resold to multiple smaller "phishing shops."
"When a single actor sells national-scale data, they are essentially providing the 'ammunition' for an entire year's worth of phishing and fraud campaigns across France." — Cybersecurity Intelligence Analysis
Recommended Protective Actions
For individuals and businesses in France, the following defensive measures are critical:
- Enable SIM PIN: Set a custom PIN for your SIM card to prevent unauthorized SIM swapping if your number is targeted.
- Trust No One via SMS: Treat any SMS from your "bank" or "operator" that asks for personal details or redirects to a website as a potential scam.
- Use Authentication Apps: Move away from SMS-based Two-Factor Authentication (2FA) and use apps like Google Authenticator or hardware keys (YubiKey).
- Monitor IBAN Transactions: Since previous breaches included bank details, watch for unauthorized direct debits on your accounts.
Conclusion
The sale of 160 million French mobile records by D3f4c3rX marks a grim milestone in 2025's cybersecurity landscape. It signals that despite major infrastructure investments, the telecommunications sector remains a primary target for data exfiltration. As this data enters the hands of thousands of lower-tier cybercriminals, France can expect a significant spike in targeted smishing and identity theft throughout 2026. The incident serves as a stark reminder that in the digital age, a phone number is no longer just a way to call someone—it is a critical key to an individual's digital and financial identity.
