Mint Mobile data breach allowed attacker to port phone numbers
Carrier Mint Mobile has revealed it was the victim of a data breach, one which allowed a number of customer phone numbers to be ported out to another carrier, along with possible access to subscriber data.
An email sent on Saturday to affected customers by Mint Mobile discloses there was a breach of the carrier's systems. According to the email, the breach occurred between June 8 and June 10, and a "very small number of Mint Mobile subscribers' phone numbers were affected by the incident."
According to Mint, phone numbers associated with the accounts were "temporarily ported to another carrier without permission," reports Bleeping Computer. Mint also admits the attacker may have gained access to some account information, including names, phone numbers, email addresses, passwords, and account numbers.
Mint did not say how the breach took place, but it is likely to have been a compromise of an application used by customer service agents. The carrier does advise customers who receive the email to change their account password, and to be vigilant about other accounts that use the phone number for two-factor authentication purposes.
The attack on the carrier is the latest to demonstrate the need for high security for customer-facing support systems. In late June, Microsoft confirmed that the hacking group thought to be behind the SolarWinds breaches used a compromised customer service agent's computer to steal information, data later used to attack Microsoft's customers.
Comments
We switched to Mint (owned by Deadpool actor Ryan Reynolds) and are big fans — $15 a month, period. My days of paying AT&T $160 for 2 lines are over… The website is cleaner, the bills are insanely clear, and since I pay annually I don’t even have to worry about the bill every month.
Dumb pipes. That’s what I want.
It is currently unclear if this is a ransomware attack and if the threat actors have demanded compensation from Mint Mobile. But this is one of the typical M.O.s of these types of cybercriminals.
2FA is the most obvious target for porting a number, or fooling a carrier into issuing a new SIM for someone else's number to the attacker.
I've been looking into Mint and it sounds pretty good, especially since its rates are standalone, not needing to be bundled with any other services.
It's a shame that it had a data breach, and I hope the walls get shored up. I've read a number of sources warn against using a cell number (and maybe any phone number) for 2FA, though I don't know what other options there may be.
Truth be told if I could get better throughput than 25/1 and $15/mo cellular, that would be very attractive. But I still have my eye on Mint.
There is a caveat to our service though. We use our phones primarily as phones, we do not stream music or videos and rarely browse the internet on our phones. Because of this we have a shared 1GB data plan between the five phones. In the year or so we have had the xfinity mobile service we have yet to exceed 1GB in monthly usage (we average around 400MB per month in total between all five phones).
I am not a Comcast fanboy, quite the opposite in fact. But the savings we are realizing from the xfinity mobile plan certainly do help to balance the scales. Through Comcast we have internet, a home phone (land)line, and five cellular phones with a total (post tax) cost of under $100 per month. Previously we paid Verizon something like $120 per month for just 3 cellular phones, so this switch has been a very good (financial) thing for us.
With Mint you get voice, text, and 4GB per line for $15.
Perhaps this type of plan is a dealbreaker for most smartphone users, but I have no direct knowledge on typical smartphone owner's data usage. As to a flip phone... I should have been clearer on my phone use. While I do not stream audio or video and rarely browse the internet on my phone, I do have around 80GB of music, well over 150GB of video and around 10GB of pictures on my phone... and with a 512GB phone, there is plenty of storage space for future expansion. My wife has a similarly loaded phone. As such, we find little need for a high volume data package. We are also not tied to our devices as so many people seem to be. When at home, the phones sit on a charger, not in our hands or pockets.
But to each their own.
Comcast Xfinity is $45/mo for 1 line unlimited & speeds slow after 20GB PLUS you are REQUIRED to also pay separately for their internet service.
Mint Mobile is an MVNO that leases access to T-Mobile's cellular towers; Mint Mobile doesn't have their own towers. Most likely this is a multi-year contract but there's nothing preventing Mint Mobile from switching to another carrier for access (like AT&T) when the contract is up.
StraightTalk is another MVNO that has historically rented from T-Mobile as well; in fact, at one point StraightTalk was using AT&T, T-Mobile and Verizon towers for access.
The porting system needs T-Mobile's involvement because it's T-Mobile's network.