Mint Mobile data breach allowed attacker to port phone numbers

Posted:
in General Discussion
Carrier Mint Mobile has revealed it was the victim of a data breach, one which allowed a number of customer phone numbers to be ported out to another carrier, along with possible access to subscriber data.




An email sent on Saturday to affected customers by Mint Mobile discloses there was a breach of the carrier's systems. The breach, which occurred between June 8 and June 10, reveals a "very small number of Mint Mobile subscribers' phone numbers were affected by the incident.

According to Mint, phone numbers associated with the accounts were "temporarily ported to another carrier without permission," reports Bleeping Computer. Mint also admits the attacker may have gained access to some account information, including names, phone numbers, email addresses, passwords, and account numbers.

Mint did not say how the breach took place, but it is likely to have been a compromise of an application used by customer service agents. The carrier does advise customers who receive the email to change their account password, and to be vigilant of other accounts that uses the phone number for two-factor authentication purposes.

The attack on the carrier is the latest to demonstrate the need for high security for customer-facing support systems. In late June, Microsoft confirmed that the hacking group thought to be behind the SolarWinds breaches used a compromised customer service agent's computer to steal information, data later used to attack Microsoft's customers.

Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.

Comments

  • Reply 1 of 14
    mobirdmobird Posts: 661member
    What is to be accomplished by porting numbers out to another carrier from the standpoint of the attacker?
    edited July 10 watto_cobra
  • Reply 2 of 14
    genovellegenovelle Posts: 1,297member
    mobird said:
    What is to be accomplished by porting numbers out to another carrier from the standpoint of the attacker?
    If they have other identifying information like name etc they could get past account resets requiring access to the phone to receive texts for 2 level verification. Like accessing bank accounts 
    FileMakerFellerwatto_cobra
  • Reply 3 of 14
    StrangeDaysStrangeDays Posts: 11,755member
    Damn sorry to hear that, but glad we weren’t affected. 

    We switched to Mint (owned by Deadpool actor Ryan Reynolds) and are big fans — $15 a month, period. My days of paying AT&T $160 got 2 lines are over… The website is cleaner, the bills are insanely clear, and since I pay annual I don’t even have to worry about the bill every month. 

    Dumb pipes. That’s what I want.
    FileMakerFellerwilliamlondonwatto_cobra
  • Reply 4 of 14
    mpantonempantone Posts: 1,643member
    mobird said:
    What is to be accomplished by porting numbers out to another carrier from the standpoint of the attacker?
    It shows that they --the threat actor -- actually accomplished the data theft. This makes the stolen data more valuable since potential buyers (as well as the rightful owner Mint Mobile) would consider it legitimate.

    It is currently unclear if this is a ransomware attack and if the threat actors have demanded compensation from Mint Mobile. But this is one of the typical M.O.s of these type of cybercriminals. 
    FileMakerFellerwatto_cobra
  • Reply 5 of 14
    OctoMonkeyOctoMonkey Posts: 230member
    Damn sorry to hear that, but glad we weren’t affected. 

    We switched to Mint (owned by Deadpool actor Ryan Reynolds) and are big fans — $15 a month, period. My days of paying AT&T $160 got 2 lines are over… The website is cleaner, the bills are insanely clear, and since I pay annual I don’t even have to worry about the bill every month. 

    Dumb pipes. That’s what I want.
    Last year we switched to Comcast xfinity mobile and are similarly pleased.  $15 before taxes and $29.40 after taxes for 5 lines.  Plus, adding an additional Comcast service provided a $10 per month service credit to our internet bill, giving us a net $19.40 per month for 5 lines...  essentially $4.00 per line per month!  To top it off, they gave us $300 in pre-paid Visa cards over the course of the first three months.  We left Verizon when we switched, but the Comcast service piggybacks on the Verizon network.  No idea how they are making money...  or perhaps it shows just how much money Verizon (and their ilk) are siphoning from the pockets of the masses.
    StrangeDayswatto_cobra
  • Reply 6 of 14
    Carrier Mint Mobile has revealed it was the victim of a data breach, one which allowed a number of customer phone numbers to be ported out to another carrier, along with possible access to subscriber data.




    An email sent on Saturday to affected customers by Mint Mobile discloses there was a breach of the carrier's systems. The breach, which occurred between June 8 and June 10, reveals a "very small number of Mint Mobile subscribers' phone numbers were affected by the incident.

    According to Mint, phone numbers associated with the accounts were "temporarily ported to another carrier without permission," reports Bleeping Computer. Mint also admits the attacker may have gained access to some account information, including names, phone numbers, email addresses, passwords, and account numbers.

    Mint did not say how the breach took place, but it is likely to have been a compromise of an application used by customer service agents. The carrier does advise customers who receive the email to change their account password, and to be vigilant of other accounts that uses the phone number for two-factor authentication purposes.

    The attack on the carrier is the latest to demonstrate the need for high security for customer-facing support systems. In late June, Microsoft confirmed that the hacking group thought to be behind the SolarWinds breaches used a compromised customer service agent's computer to steal information, data later used to attack Microsoft's customers.

    Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.
    I don't even get a thank you ? I was the one calling for the past week 5 times a day and I told them exactly how they were doing it, T mobile is there sister company and they run a special porting feature with them, I'm so surprised that it took this long because it got to the point were reps could remember me. Your welcome Ryan Reynolds ~ HW 
    watto_cobra
  • Reply 7 of 14
    fastasleepfastasleep Posts: 5,836member
    mobird said:
    What is to be accomplished by porting numbers out to another carrier from the standpoint of the attacker?
    FTFA: "The carrier does advise customers who receive the email to change their account password, and to be vigilant of other accounts that uses the phone number for two-factor authentication purposes. "

    2FA is the most obvious target for porting a number, or fooling a carrier into issuing a new SIM for someone else's number to the attacker.
    watto_cobra
  • Reply 8 of 14
    macguimacgui Posts: 2,062member
    Last year we switched to Comcast xfinity mobile and are similarly pleased.  $15 before taxes and $29.40 after taxes for 5 lines.
    You get those prices ($15 before taxes) for five lines? $15 before taxes for one line? And with no other services from Comcast? That's a pretty good deal from who some call Scumcast.

    Damn sorry to hear that, but glad we weren’t affected. 

    We switched to Mint (owned by Deadpool actor Ryan Reynolds) and are big fans — $15 a month, period. My days of paying AT&T $160 got 2 lines are over… The website is cleaner, the bills are insanely clear, and since I pay annual I don’t even have to worry about the bill every month. 

    Dumb pipes. That’s what I want.
    I've been looking into Mint and it sounds pretty good, especially since it's rates are standalone, not needing to be bundled with any other services.

    It's a shame that it had a data breach, and I hope the walls get shored up. I've read a number of sources warn against using a cell number (and maybe any phone number) for 2FA, though I don't know what other options there may be.

    Truth be told if I could get better throughput than  25/1 and $15/mo cellular, that would be very attractive. But I still have my eye on Mint.
    watto_cobra
  • Reply 9 of 14
    macgui said:
    Last year we switched to Comcast xfinity mobile and are similarly pleased.  $15 before taxes and $29.40 after taxes for 5 lines.
    You get those prices ($15 before taxes) for five lines? $15 before taxes for one line? And with no other services from Comcast? That's a pretty good deal from who some call Scumcast.

    Yep, my total bill is $29.40 for 5 lines (not per line).  We also have internet with Comcast, which is a requirement for getting the xfinity mobile service, but adding the cellular knocked $10 off the monthly internet bill as a multiple product discount resulting in a net cost cost of $19.40 per month for 5 phones.

    There is a caveat to our service though.  We use our phones primarily as phones, we do not stream music or videos and rarely browse the internet on our phones.  Because of this we have a shared 1GB data plan between the five phones.  In the year or so we have had the xfinity mobile service we have yet to exceed 1GB in monthly usage (we average around 400MB per month in total between all five phones).

    I am not a Comcast fanboy, quite the opposite in fact.  But the savings we are realizing from the xfinity mobile plan certainly does help to balance the scales.  Through Comcast we have internet, a home phone (land)line, and five cellular phones with a total (post tax) cost of under $100 per month.  Previously we paid Verizon something like $120 per month for just 3 cellular phones, so this switch has been a very good (financial) thing for us.
    watto_cobra
  • Reply 10 of 14
    StrangeDaysStrangeDays Posts: 11,755member
    macgui said:
    Last year we switched to Comcast xfinity mobile and are similarly pleased.  $15 before taxes and $29.40 after taxes for 5 lines.
    You get those prices ($15 before taxes) for five lines? $15 before taxes for one line? And with no other services from Comcast? That's a pretty good deal from who some call Scumcast.
    There is a caveat to our service though.  We use our phones primarily as phones, we do not stream music or videos and rarely browse the internet on our phones.  Because of this we have a shared 1GB data plan between the five phones.  In the year or so we have had the xfinity mobile service we have yet to exceed 1GB in monthly usage (we average around 400MB per month in total between all five phones).
    That’s kind of a dealbreaker for most smartphone users. Maybe during the pandemic holed up at home, but 1GB wouldn’t work for me alone let alone my entire family combined. If I wasn’t going to use data a flip phone works just as well and has longer battery life…

    With Mint you get voice, text, and 4GB per line for $15.
    muthuk_vanalingamwilliamlondonwatto_cobra
  • Reply 11 of 14
    OctoMonkeyOctoMonkey Posts: 230member
    macgui said:
    Last year we switched to Comcast xfinity mobile and are similarly pleased.  $15 before taxes and $29.40 after taxes for 5 lines.
    You get those prices ($15 before taxes) for five lines? $15 before taxes for one line? And with no other services from Comcast? That's a pretty good deal from who some call Scumcast.
    There is a caveat to our service though.  We use our phones primarily as phones, we do not stream music or videos and rarely browse the internet on our phones.  Because of this we have a shared 1GB data plan between the five phones.  In the year or so we have had the xfinity mobile service we have yet to exceed 1GB in monthly usage (we average around 400MB per month in total between all five phones).
    That’s kind of a dealbreaker for most smartphone users. Maybe during the pandemic holed up at home, but 1GB wouldn’t work for me alone let alone my entire family combined. If I wasn’t going to use data a flip phone works just as well and has longer battery life…

    With Mint you get voice, text, and 4GB per line for $15.
    I understand that a lot of folks use more data than we do.  We can easily up the data to 3 GB or 10GB for an extra $15 or $45, respectively.  This can easily be done online on a month to month basis depending on your needs.  So if we wanted, it would be (essentially) $60 for 5 phones with a shared 10GB of data.  If memory serves, any individual phone can be given unlimited data, but that runs $30 for the phone in question (the rest of the phones on the plan continue to use the shared data).

    Perhaps this type of plan is a dealbreaker for most smartphone users, but I have no direct knowledge on typical smartphone owner's data usage.  As to a flip phone...  I should have been clearer on my phone use.  While I do not stream audio or video and rarely browse the internet on my phone, I do have around 80GB of music, well over 150GB of video and around 10GB of pictures on my phone...  and with a 512GB phone, there is plenty of storage space for future expansion.  My wife has a similarly loaded phone.  As such, we find little need for a high volume data package.  We are also not tied to our devices as so many people seem to be.  When at home, the phones sit on a charger, not in our hands or pockets.

    But to each their own.
    watto_cobra
  • Reply 12 of 14
    libertyforalllibertyforall Posts: 1,398member
    If only Mint Mobile would offer support for Apple Watch Cellular! 
    watto_cobra
  • Reply 13 of 14
    libertyforalllibertyforall Posts: 1,398member
    macgui said:
    Last year we switched to Comcast xfinity mobile and are similarly pleased.  $15 before taxes and $29.40 after taxes for 5 lines.
    You get those prices ($15 before taxes) for five lines? $15 before taxes for one line? And with no other services from Comcast? That's a pretty good deal from who some call Scumcast.

    Yep, my total bill is $29.40 for 5 lines (not per line).  We also have internet with Comcast, which is a requirement for getting the xfinity mobile service, but adding the cellular knocked $10 off the monthly internet bill as a multiple product discount resulting in a net cost cost of $19.40 per month for 5 phones.

    There is a caveat to our service though.  We use our phones primarily as phones, we do not stream music or videos and rarely browse the internet on our phones.  Because of this we have a shared 1GB data plan between the five phones.  In the year or so we have had the xfinity mobile service we have yet to exceed 1GB in monthly usage (we average around 400MB per month in total between all five phones).

    I am not a Comcast fanboy, quite the opposite in fact.  But the savings we are realizing from the xfinity mobile plan certainly does help to balance the scales.  Through Comcast we have internet, a home phone (land)line, and five cellular phones with a total (post tax) cost of under $100 per month.  Previously we paid Verizon something like $120 per month for just 3 cellular phones, so this switch has been a very good (financial) thing for us.
    Mint is $30/mo. for 1 line unlimited & speeds slow after 35GB;
    Comcast Xfinity is $45/mo for 1 line unlimited & speeds slow after 20GB PLUS you are REQUIRED to also pay separately for their internet service.  
    edited July 12 watto_cobra
  • Reply 14 of 14
    mpantonempantone Posts: 1,643member
    I was the one calling for the past week 5 times a day and I told them exactly how they were doing it, T mobile is there sister company and they run a special porting feature with them, I'm so surprised that it took this long because it got to the point were reps could remember me. Your welcome Ryan Reynolds ~ HW 
    Mint Mobile and T-Mobile aren't "sister companies" [sic].

    Mint Mobile is an MVNO that leases access to T-Mobile's cellular towers; Mint Mobile doesn't have their own towers. Most likely this is a multi-year contract but there's nothing preventing Mint Mobile to switching to another carrier for access (like AT&T) when the contract is up.

    StraightTalk is another MVNO that has historically rented from T-Mobile as well; in fact, at one point StraightTalk was using AT&T, T-Mobile and Verizon towers for access.

    The porting system needs T-Mobile's involvement because it's T-Mobile's network.
    williamlondonwatto_cobra
Sign In or Register to comment.