US telecommunications company Mint Mobile warned some users that their phone numbers had temporarily been ported to another carrier by an unauthorized individual, which allowed the individual to access victims’ credentials and personal information, BleepingComputer reports.
“Between June 8, 2021 and June 10, 2021, a very small number of Mint Mobile subscribers’ phone numbers, including yours, were temporarily ported to another carrier without permission,” the company stated. “While we immediately took steps to reverse the process and restore your service, an unauthorized individual potentially gained access to some of your information, which may have included your name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number, and subscription features.”
Mint Mobile added that affected users should take steps to secure any other accounts that use their phone number or the same password.
“As a result, we want to provide you with the following information about the resources available to you to help protect your information,” the company continued. “We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statement for suspicious activity. We also continue to encourage you to take any necessary security measures to protect other accounts that use your phone number for verification purposes and to reset account passwords.”
BleepingComputer notes that having access to a ported phone number may allow an attacker to bypass two-factor authentication, stating, “While Mint Mobile has not said how the threat actor gained access to subscribers' information, based on the accessed data, it is likely that hackers hacked user accounts or compromised a Mint Mobile application used to manage customers. As the threat actors may have gained access to your Mint Mobile password, it is strongly advised that you change your password on your account. Furthermore, threat actors could have used the ported number [in] additional attacks, such as phishing, or to gain access to 2-factor authentication codes sent via text message.”
BleepingComputer has the story.