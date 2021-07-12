Unauthorized users gained access to the account information of the subscribers of US telecom provider Mint Mobile .

According to a data breach notification email sent to the affected subscribers, initially shared on Reddit, the threat actor ported the phone numbers for a "small" number of Mint Mobile subscribers to another carrier .

"Between June 8, 2021 and June 10, 2021, a very small number of Mint Mobile subscribers' phone numbers, including yours, were temporarily ported to another carrier without permission," read the purported email from the company, which is famously backed by Hollywood superstar Ryan Reynolds.

The note adds that in addition to porting the numbers, the breach also “potentially” led to the exposure of subscribers' personal information, including call history, names, addresses, emails, and passwords.

Two-factor breach

In the breach notification email, Mint Mobile notes that it immediately took steps to reverse the process and restore the service of affected customers.

Although Mint Mobile hasn’t shared details about how the threat actor was able to access the subscribers' details, based on the accessed data Bleeping Computer speculates that the breach was the result of either a poorly protected user account or by compromising a Mint Mobile application used for managing customers.

However, since the numbers were ported, they could have been used to receive two-factor authentication ( 2FA ) codes, further compromising the integrity of the affected customers. In light of this, Mint Mobile is urging users to change the password of all their accounts that are tied to their Mint Mobile phone numbers.

Mint Mobile has not yet responded to requests seeking confirmation of the breach.

