Hackers accessed Mint Mobile subscribers’ data and ported some numbers

Pierluigi Paganini July 11, 2021

Mint Mobile discloses a data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers.

Mint Mobile is an American telecommunications company which sells mobile phone services and operates as an MVNO on T-Mobile’s cellular network in the United States.

BleepingComputer reported that Mint Mobile has disclosed a data breach that exposed subscribers’ account information and ported phone numbers to another carrier.

The data breach notification sent to the impacted subscribers reveals that an unauthorized person gained access to their data between June 8th and June 10th. The company did not reveal how hackers had access to the subscribers’ data.

The attacker also ported the phone numbers for a “small” number of Mint Mobile subscribers to another carrier without the authorization of the subscribers.

An unauthorized person also potentially accessed subscribers’ personal information, including call history, names, addresses, emails, and passwords.

“Between June 8, 2021 and June 10, 2021, a very small number of Mint Mobile subscribers’ phone numbers, including yours, were temporarily ported to another carrier without permission,” reads the data breach notification sent by Mint Mobile. “While we immediately took steps to reverse the process and restore your service, an unauthorized individual potentially gained access to some of your information, which may have included your name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number, and subscription features.”

Subscribers are recommended to change the password on their accounts, and protect other accounts that use the same phone number for validation purposes to prevent that attackers could port the number to other carriers in order to access them.

In January, another US carrier disclosed a data breach, UScellular revealed that attackers had access to personal information of its customers.

The company detected the security breach on January 6, 2021, and determined that the intrusion took place early this year, on January 4th, 2021.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment