Mint Cell has disclosed a brand new information breach that uncovered the non-public info of its prospects, together with information that can be utilized to carry out SIM swap assaults.
Mint is a cellular digital community operator (MVNO) owned by T-Cell, providing funds, pre-paid cellular plans.
The corporate started notifying prospects on December twenty second through emails titled “Necessary info relating to your account,” stating that they suffered a safety incident and a hacker obtained buyer info.
“We’re writing to tell you a couple of safety incident we not too long ago recognized through which an unauthorized actor obtained some restricted kinds of buyer info,” warns the Mint Cell information breach notification.
“Our investigation signifies that sure info related along with your account was impacted.”
The corporate stated they resolved the breach and are working with third-party cybersecurity consultants to safe their methods.
The shopper information uncovered within the breach contains:
- Identify
- Phone quantity
- E-mail tackle
- SIM serial quantity and IMEI quantity (a tool identifier just like a serial quantity)
- A short description of service plan bought
Mint says they don’t retailer bank card numbers, so that they weren’t uncovered. The corporate additionally stated they defend passwords with “robust cryptographic expertise,” so they aren’t compromised.
The corporate didn’t make it clear from this assertion if hashed passwords had been accessed by the attacker.
The uncovered information is regarding, as it’s sufficient info for a menace actor to conduct SIM swapping assaults, which is when an attacker ports an individual’s quantity to their very own system.
As soon as they achieve entry to the quantity, they will attempt to entry the person’s on-line accounts by performing password resets and receiving the OTP codes to get previous multi-factor authentication.
Risk actors generally use this system to breach accounts at cryptocurrency exchanges, stealing all property saved within the on-line pockets.
Nevertheless, Mint says that prospects don’t have to take any motion and might name buyer help at 949- 704-1162 with any questions.
A Mint Reddit moderator has confirmed that this quantity was arrange particularly to deal with questions concerning the information breach.
“Should you obtained a discover through e mail from [email protected] on December 22, 2023, it’s from Mint and isn’t a rip-off. The Buyer Care quantity was setup to deal with particular questions on this communication,” defined a Mint moderator on Reddit.
Whereas Mint has not disclosed particulars on how they had been breached, the FalconFeeds menace intel service reported in July 2023 {that a} menace actor tried to promote information on a hacking discussion board that was allegedly stolen from Mint Cell and Extremely Cell.
Supply: FalconFeeds.io
The menace actor stated the information is a number of months outdated however contained the final 4 digits of consumers’ bank cards, so it’s unclear if the incident is said to the disclosed breach.
Mint Cell beforehand suffered a knowledge breach in 2021 when an unauthorized particular person accessed subscribers’ account info and ported telephone numbers to a different service.
Extra not too long ago, Mint’s mother or father firm, T-Cell, suffered an enormous information breach in January 2023 that uncovered the information of 37 million accounts. In Might 2023, they suffered a further breach, however this was a lot smaller, solely exposing the information of 836 prospects.
BleepingComputer has contacted Mint with questions concerning the assault and whether or not hashed passwords had been uncovered however has not obtained a reply.
