Security breaches at mobile carriers or MVNOs are dangerous, as the companies often have troves of personal information and power SMS and call-based two-factor authorization. Mint Mobile just suffered a breach, and you might want to keep reading if you’re a Mint customer.
Mint Mobile has just revealed a recent data breach compromising customer information. The breach exposed personal details such as names, telephone numbers, email addresses, SIM serial numbers, and IMEI numbers. The network said that the breach didn’t include credit card information, as that’s not stored by the company. With passwords, Mint Mobile emphasized the protection of passwords using “strong cryptographic technology.” With this, the company wants to tell users that passwords will not be compromised, but it also means that hackers might have obtained hashed/encrypted passwords, something that didn’t end too well for LastPass.
The company assured customers that they had resolved the breach and were collaborating with cybersecurity experts. The exposed data, however, is sufficient for threat actors to execute SIM-swapping attacks. SIM swapping involves porting a person’s number to an attacker’s device, enabling unauthorized access to online accounts through password resets and OTP codes. Although Mint Mobile reassured users that no immediate action was required, a dedicated customer support number was provided for inquiries related to the breach, so if you happen to have any major concerns about the breach, you should definitely hit that number up.
This is the second major data breach Mint Mobile has gone through in recent years, as the company had already been victim of a similar breach back in 2021. Back then, an unauthorized actor was performing SIM swaps on a number of users, and that could also be a possibility here. Someone was also claiming to sell Mint Mobile data on a hacking forum back in July, but it’s not clear whether that was legitimate and whether that’s related to this breach, seeing how that appears to have the last 4 digits of some credit card numbers associated to orders, as well as expiration dates.
We’ll have to wait and see the full extent of this, but in the meantime, if you have any concerns as a Mint Mobile customer, contact the company’s support.