New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research

Search

Mint Mobile Breach Allowed Attacker to Port Phone Numbers and Access Data

The mobile phone carrier Mint Mobile fell victim to a data breach that allowed a number of customer phone numbers to be ported to another carrier and possibly access to subscriber data. An email was sent out Saturday, June 12th to the affected customers that said the following:

Between June 8, 2021 and June 10, 2021, a very small number of Mint Mobile subscribers’ phone numbers, including yours, were temporarily ported to another carrier without permission. While we immediately took steps to reverse the process and restore your service, an unauthorized individual potentially gained access to some of your information, which may have included your name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number, and subscription features.

Mint Mobile has not said how the attack took place, but it is speculated that a comprised application used by customer service agents was involved.

Analyst Notes

Since the phone numbers were ported, they could have possibly been used in other attacks to gain access to 2-factor authentication codes sent via text message. Because of this, it is advised to monitor all accounts that use your Mint Mobile phone number for validation purposes and change the passwords on those accounts.

https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/