Unauthorized users gained access to the account information of the subscribers of US telecom provider Mint Mobile (opens in new tab).
According to a data breach notification email sent to the affected subscribers, initially shared on Reddit, the threat actor ported the phone numbers for a "small" number of Mint Mobile subscribers to another carrier (opens in new tab).
"Between June 8, 2021 and June 10, 2021, a very small number of Mint Mobile subscribers' phone numbers, including yours, were temporarily ported to another carrier without permission," read the purported email from the company, which is famously backed by Hollywood superstar Ryan Reynolds.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.
>> Click here to start the survey in a new window (opens in new tab) <<
- Shield yourself with these best identity theft protection services (opens in new tab)
- These are the best endpoint protection tools (opens in new tab)
- Here’s our list of the best password managers (opens in new tab)
The note adds that in addition to porting the numbers, the breach also “potentially” led to the exposure of subscribers' personal information, including call history, names, addresses, emails, and passwords.
In the breach notification email, Mint Mobile (opens in new tab) notes that it immediately took steps to reverse the process and restore the service of affected customers.
Although Mint Mobile hasn’t shared details about how the threat actor was able to access the subscribers' details, based on the accessed data Bleeping Computer speculates that the breach was the result of either a poorly protected user account or by compromising a Mint Mobile application used for managing customers.
However, since the numbers were ported, they could have been used to receive two-factor authentication (2FA (opens in new tab)) codes, further compromising the integrity of the affected customers. In light of this, Mint Mobile is urging users to change the password of all their accounts that are tied to their Mint Mobile phone numbers.
Mint Mobile has not yet responded to requests seeking confirmation of the breach.
- Protect your devices with these best antivirus software (opens in new tab)
Via Bleeping Computer (opens in new tab)