Mint Cell has disclosed a brand new information breach that uncovered the private info of its clients, together with information that can be utilized to carry out SIM swap assaults.
Mint is a cellular digital community operator (MVNO) owned by T-Cell, providing price range, pre-paid cellular plans.
The corporate started notifying clients on December twenty second by way of emails titled “Necessary info relating to your account,” stating that they suffered a safety incident and a hacker obtained buyer info.
“We’re writing to tell you a couple of safety incident we not too long ago recognized during which an unauthorized actor obtained some restricted kinds of buyer info,” warns the Mint Cell information breach notification.
“Our investigation signifies that sure info related along with your account was impacted.”
The corporate mentioned they resolved the breach and are working with third-party cybersecurity specialists to safe their programs.
The client information uncovered within the breach consists of:
- Title
- Phone quantity
- E mail tackle
- SIM serial quantity and IMEI quantity (a tool identifier much like a serial quantity)
- A short description of service plan bought
Mint says they don’t retailer bank card numbers, in order that they weren’t uncovered. The corporate additionally mentioned they defend passwords with “sturdy cryptographic expertise,” so they don’t seem to be compromised.
The corporate didn’t make it clear from this assertion if hashed passwords had been accessed by the attacker.
The uncovered information is regarding, as it’s sufficient info for a menace actor to conduct SIM swapping assaults, which is when an attacker ports an individual’s quantity to their very own gadget.
As soon as they acquire entry to the quantity, they will attempt to entry the person’s on-line accounts by performing password resets and receiving the OTP codes to get previous multi-factor authentication.
Risk actors generally use this system to breach accounts at cryptocurrency exchanges, stealing all belongings saved within the on-line pockets.
Nonetheless, Mint says that clients don’t must take any motion and might name buyer assist at 949- 704-1162 with any questions.
A Mint Reddit moderator has confirmed that this quantity was arrange particularly to deal with questions concerning the information breach.
“When you acquired a discover by way of electronic mail from no-reply@account.mintmobile.com on December 22, 2023, it’s from Mint and isn’t a rip-off. The Buyer Care quantity was setup to deal with particular questions on this communication,” defined a Mint moderator on Reddit.
Whereas Mint has not disclosed particulars on how they had been breached, the FalconFeeds menace intel service reported in July 2023Â {that a} menace actor tried to promote information on a hacking discussion board that was allegedly stolen from Mint Cell and Extremely Cell.
Supply:Â FalconFeeds.io
The menace actor mentioned the information is a number of months outdated however contained the final 4 digits of consumers’ bank cards, so it’s unclear if the incident is said to the disclosed breach.
Mint Cell beforehand suffered a knowledge breach in 2021 when an unauthorized individual accessed subscribers’ account info and ported telephone numbers to a different provider.
Extra not too long ago, Mint’s dad or mum firm, T-Cell, suffered an enormous information breach in January 2023 that uncovered the information of 37 million accounts. In Could 2023, they suffered a further breach, however this was a lot smaller, solely exposing the information of 836 clients.
BleepingComputer has contacted Mint with questions concerning the assault and whether or not hashed passwords had been uncovered however has not acquired a reply.
