Mint Mobile in its notifying email said that the unauthorized party has ported the numbers to another carrier without permission, so they may be used for any other cybercrimes. Thus, it advised customers to be aware of any potential thefts.
Mint Mobile Data Breach
Mint Mobile is an American telecom running as an MVNO on T-Mobile’s cellular network. It sells regular mobile phone services and is widely used by US netizens. The company, this weekend, has disclosed a data breach incident affecting an unknown number of its customers. In its email sent to only the affected customers, Mint Mobile said that
While it didn’t acknowledge the unauthorized party yet, it claims to have taken immediate measures to reverse the process and restore the service to normal. But, the worst has already happened. Mint Mobile said the unauthorized party has managed to access their customers’ sensitive details like “name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number, and subscription features.” Thus, it’s now notifying customers to be vigilant about any potential identify thefts or suspicious bank transactions stealing the money. As the numbers are ported to another carrier, the threat actor may have used it to obtain 2FA codes to breach other online accounts of the victim. Thus, it’s advised to reset all your online accounts with that mobile number for avoiding fake validations by the threat actor. Mint Mobile didn’t disclose the source of the breach, but we speculate it to be an account breach through credentials or exploiting an unknown bug in the Mint Mobile application.