American mobile virtual network operator (MVNO) Mint Mobile has admitted that it has suffered a data breach affecting an unknown number of customers.
The company revealed the news in an email sent to customers, in which they wrote, “We are writing to inform you of a recent security incident in which fraudsters obtained some limited types of customer information. “I’m writing,” he explained.
“After investigation, we have determined that certain information related to your account was affected.”
SIM swap attack
The stolen data included users’ names, phone numbers, and email addresses, as well as SIM serial and IMEI numbers and a brief description of the mobile plan the customer had purchased.
The company said that no payment information was stolen, adding that customer passwords were protected with “strong cryptography,” and hinted (though not explicitly) that some passwords may also have been stolen. . It’s unclear who or how Mint was attacked (social engineering attack, malware, ransomware, etc.), but the company said it has “resolved the breach” and brought in third-party security experts to harden its systems. Ta.
Information such as a person’s name, email address, and phone number is enough to launch several types of attacks, from identity theft to phishing to wire fraud. However, BleepingComputer believes that whoever obtained the data now has enough information to carry out a SIM swapping attack (i.e., an attack that redirects a user’s GSM communications to an endpoint of the user’s choice). I am claiming.
By doing so, you can redirect SMS messages used for one-time passwords (OTPs) and multi-factor authentication (MFA) to access even your most secure accounts (think bank accounts).
TechRadar Pro has reached out to Mint Mobile for further clarification.
The news is the second similar incident to affect the company since FalconFeeds cybersecurity researchers previously discovered hackers trying to sell the Mint database on the dark web, but this is another It is unclear whether this was an incident or not.