Mint Mobile data breach allowed attacker to port phone numbers


Carrier Mint Mobile has revealed it was the victim of a data breach, one which allowed a number of customer phone numbers to be ported out to another carrier, along with possible access to subscriber data.

An email sent on Saturday to affected customers by Mint Mobile discloses there was a breach of the carrier’s systems. The breach, which occurred between June 8 and June 10, reveals a “very small number of Mint Mobile subscribers’ phone numbers were affected by the incident.

According to Mint, phone numbers associated with the accounts were “temporarily ported to another carrier without permission,” reports Bleeping Computer. Mint also admits the attacker may have gained access to some account information, including names, phone numbers, email addresses, passwords, and account numbers.

Mint did not say how the breach took place, but it is likely to have been a compromise of an application used by customer service agents. The carrier does advise customers who receive the email to change their account password, and to be vigilant of other accounts that uses the phone number for two-factor authentication purposes.

The attack on the carrier is the latest to demonstrate the need for high security for customer-facing support systems. In late June, Microsoft confirmed that the hacking group thought to be behind the SolarWinds breaches used a compromised customer service agent’s computer to steal information, data later used to attack Microsoft’s customers.

Keep up with everything Apple in the weekly AppleInsider Podcast — and get a fast news update from AppleInsider Daily. Just say, “Hey, Siri,” to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.

If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple’s Podcasts app, or via Patreon if you prefer any other podcast player.

AppleInsider has affiliate partnerships and may earn commission on products purchased through affiliate links. These partnerships do not influence our editorial content.

What is to be accomplished by porting numbers out to another carrier from the standpoint of the attacker?

If they have other identifying information like name etc they could get past account resets requiring access to the phone to receive texts for 2 level verification. Like accessing bank accounts

Damn sorry to hear that, but glad we weren’t affected. We switched to Mint (owned by Deadpool actor Ryan Reynolds) and are big fans — $15 a month, period. My days of paying AT&T $160 got 2 lines are over… The website is cleaner, the bills are insanely clear, and since I pay annual I don’t even have to worry about the bill every month. Dumb pipes. That’s what I want.

It shows that they –the threat actor — actually accomplished the data theft. This makes the stolen data more valuable since potential buyers (as well as the rightful owner Mint Mobile) would consider it legitimate. It is currently unclear if this is a ransomware attack and if the threat actors have demanded compensation from Mint Mobile. But this is one of the typical M.O.s of these type of cybercriminals.

The U.S. Federal Trade Commission on Friday opened a probe into Amazon’s recent purchase of MGM, suggesting a long slog is ahead for the e-commerce giant.

Microsoft co-founder Bill Gates was caught off guard with the launch and structure of Apple’s iTunes Store in 2003, with Apple co-founder Steve Jobs once again putting Gates in catch-up mode, according to an internal email that surfaced this week.

LG recently suspended plans to sell Apple products like iPhone devices at its Korean retail outlets, according to a new report.

With the launch of the Beats Studio Buds, Apple now has a total of four wireless earbuds it sells to consumers. Here’s how the newcomers face against AirPods, AirPods Pro, and Beats Powerbeats Pro.

Sony launched the WF-1000XM4 wireless earbuds in June, its noise-cancelling rival to the Apple AirPods Pro. Here’s how Sony’s latest stacks up against Apple’s heavy hitter.

Apple has evolved its remote control over time, with each iteration introducing physical improvements and better features. After launching the second-generation Siri Remote, has Apple created its best controller?

In April, Amazon upgraded its Echo Buds to make it a better value-oriented rival to Apple’s AirPods. Here’s how Amazon’s offerings stack up to Apple’s AirPods and AirPods Pro.

Apple’s launch of AirTag puts it into a growing market of tracking accessories, but how does it compare against the Tile Pro and the Find My-enabled Chipolo One Spot? We compare the trackers.

[Read More…]