TechCrunch reports that Google has notified customers of its MVNO (Mobile Virtual Network Operator) service, Fi, that a hacker was able to access some of their information.
According to the tech giant, the culprit compromised a third-party system used for customer support for major Fi network providers. Google doesn’t directly name providers, but Fi relies on US Cellular and T‑Mobile for connectivity.
The latter admitted in mid-January that hackers had been stealing data from the company’s systems since November last year.
According to T‑Mobile, the attackers had access to the information of approximately 37 million postpaid and prepaid customers by the time they discovered and fixed the issue.
At the time, the company claimed that no passwords, payment data or social security numbers were stolen. The same goes for Google Fi, adding that no PINs or text messages/calls were stolen.
It appears that the hackers only had access to some service plan data, such as user phone numbers, account status, SMS card serial numbers, and international roaming.
Google has told most users that nothing needs to be done and is still working with Fi network providers to “identify and implement measures to protect data on their systems.” We have notified all potentially affected parties.”
However, at least one customer is claimed to have had more serious problems than others due to the information breach. This customer is part of an email allegedly sent to him by Google on January 1, over a period of about two hours, informing him that “cellular service has been transferred from (his) SIM card to another SIM card.” Part has been published on Reddit.
The customer said he received a password reset notification for his Outlook, cryptocurrency wallet account, and Authy two-factor authentication that day. They sent logs to 9to5Google to prove the attackers were using their number to receive text messages to access these accounts.
Fi’s text message history revealed that the perpetrators began requesting password resets and two-factor authentication codes via SMS within a minute of the SIM card being transferred.
This customer seems to have been able to interact with their account after turning network access on their iPhone off and back on, but I’m not sure if that fixed the issue. We’ve reached out to Google regarding SIM swap customer complaints and will update this article as soon as we hear back.
Leave a Reply