"Mint Mobile Discloses New Data Breach Exposing Customer Data"

Mint Mobile has recently disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks.  Mint is a mobile virtual network operator (MVNO) offering budget, pre-paid mobile plans.  On December 22nd, the company began notifying customers via emails titled "Important information regarding your account," stating that they suffered a security incident and a hacker obtained customer information.  Mint Mobile said they resolved the breach and are working with third-party cybersecurity experts to secure their systems.  Customer data exposed in the breach includes name, telephone number, email address, SIM serial number and IMEI number (a device identifier similar to a serial number), and a brief description of service plan purchased.  The company says they do not store credit card numbers, so they were not exposed.  The company also said they protect passwords with "strong cryptographic technology," so they are not compromised.  The exposed data is concerning, as it is enough information for a threat actor to conduct SIM swapping attacks, which is when an attacker ports a person's number to their own device.  Once they gain access to the number, they can try to access the user's online accounts by performing password resets and receiving the OTP codes to get past multi-factor authentication.

 

BleepingComputer reports: "Mint Mobile Discloses New Data Breach Exposing Customer Data"

Submitted by Adam Ekwall on