December 22, 2023 at 08:35PM
Mint Mobile, a subsidiary of T-Mobile, has confirmed a data breach exposing customer information. The breach notification assured customers that credit card numbers and passwords were not affected, but disclosed that names, phone numbers, email addresses, and other account details were compromised. The company has resolved the breach and is working with cybersecurity experts.
Based on the meeting notes, the key takeaways are:
1. Mint Mobile suffered a data breach that exposed customer data, making them vulnerable to potential SIM swap attacks.
2. The exposed customer data includes name, telephone number, email address, SIM serial number, IMEI number, and a brief description of the service plan purchased.
3. Mint Mobile assures that they do not store credit card numbers and protect passwords with strong cryptographic technology, but it’s unclear if hashed passwords were accessed by the attacker.
4. Threat actors could use the exposed data to conduct SIM swapping attacks, potentially gaining access to users’ online accounts and assets, particularly at cryptocurrency exchanges.
5. Mint Mobile has set up a specific customer support number (949-704-1162) to handle questions about the data breach, as confirmed by a Mint Reddit moderator.
6. There are previous instances of data breaches involving Mint Mobile and its parent company, T-Mobile.
7. Questions have been raised about the attack, including whether hashed passwords were exposed, but Mint Mobile has not provided a reply to BleepingComputer.