Person holding SIM cards

Google Fi, Google’s US-only telecommunications and mobile internet service, has informed its customers that personal data has been exposed by a data breach at one of its major network providers, with some customers having been warned that it allowed SIM card swapping attacks.

Google sent data breach notices to Google Fi customers this week, notifying them that the incident revealed their phone numbers, SIM card serial numbers, account status (active or inactive), account activation date and mobile service plan details.

Google clarified that the hacked systems did not contain sensitive details such as full names, email addresses, payment card information, SSNs, tax IDs, government IDs, account passwords or the content of text messages and phone calls.

“Our Incident Response team has undertaken an investigation and determined that unauthorized access has occurred and has worked with our primary network provider to identify and implement measures to secure data on this third-party system and notify all potentially affected persons,” reads the notice to customers.

“There was no access to Google systems or any systems supervised by Google.”

Sample Google Fi notice to customers
Sample Google Fi notice to customers
Source: @Dmite09

Although Google did not mention who was the main network provider that was hacked, it is believed to be referring to T-Mobile.

T-Mobile revealed last month that it suffered an API data breach in November 2022 that exposed the personal information of approximately 37 million subscribers.

We’ve asked Google to confirm if this is related to the T-Mobile breach, but haven’t received a response.

Data breach led to SIM card swapping attacks

Unfortunately, exposed SIM technical data allowed threat actors to carry out SIM swapping attacks on some Google Fi customers, with one customer reporting that hackers had access to his Authy MFA account.

SIM swapping attacks occur when malicious actors convince mobile carriers to port a customer’s phone number to a mobile SIM card under the control of the attacker.

These attacks are carried out using social engineering, where the threat actor impersonates the customer and requests that the number be ported to a new device for some reason. To convince the mobile operator that he is the customer, he provides personal information that is exposed to phishing attacks and data breaches.

As the Google Fi data breach includes phone numbers, which can easily be linked to a customer’s name, and the serial number of SIM cards, it would have made it even more compelling when you contacted a support rep. mobile client.

Once the number is ported, threat actors would have access to the victim’s text messages, including MFA codes, allowing them to breach online accounts or support services secured by a phone number. no one.

Google sent a separate notice to customers affected by the SIM swapping attacks, revealing that the attackers managed to transfer their numbers to another SIM card for a short time. However, the users’ voicemail was not hacked.

“On January 1, 2023, for approximately 1h48, your mobile phone service was transferred from your SIM card to another SIM card. During the term of this temporary transfer, the unauthorized access may have involved using your phone number to send and receive phone calls and text messages. Despite the SIM transfer, your voicemail could not be accessed. We have restored Google Fi service to your SIM card. – Google

A customer who suffered from SIM swapping attacks shared his experience on Reddit, saying he witnessed his messaging, financial and Authy authentication app accounts being taken over in real time.

“The hacker used it to take control of three of my online accounts – my main email address, a financial account and the authenticator app Authy, all because they were able to receive my text messages. and thus defeat the SMS-based 2-fac”, Explain the Google Fi client.

Once a two-factor authentication app is hacked, it’s much easier for hackers to compromise other accounts, especially if they were registered using a phone number.

Despite his efforts to stop it by notifying Google Fi, he says he was ignored by customer support.


Source link