Earlier this month T-Mobile disclosed a security breach that also affected Google Fi, and in the case of one customer it also seemed to lead to several hacked accounts and a hijacked phone number. As it turns out, the same thing also happened to several Mint Mobile customers who temporarily lost their phone numbers around the same time period.
Earlier this week we detailed the story of one Google Fi customer who saw their online accounts being hacked in real-time, only to find out the reason why was because their phone number had somehow been transferred to an attacker, sending their SMS messages to the attacker. The advanced attack was then confirmed by Google in an email to this affected customer, though it’s still unclear if anyone else on Google Fi had a similar experience.
Around the same time as that January 1 attack, though, several Mint Mobile customers saw a similar hijacking of their phone numbers for a brief period of time, but they weren’t so lucky as the Fi customer. While that user was able to regain control over their accounts before any damage could be done, some Mint Mobile customers were hit by the same sort of attack and some lost thousands of dollars as a result.
At least five different Mint Mobile customers went to Reddit between late December and early January claiming that their phone numbers were briefly hijacked. Some users noticed their phones lose cell connection followed by notifications that their email and/or Coinbase accounts had been compromised. One Mint customer claims to have lost $15,000 worth of cryptocurrency from the attacker. This was possible because the customers themselves did not have access to their phone numbers, and the attackers could receive their SMS messages including two-factor authentication codes.
Multiple reports also mentioned that rebooting their phone (and/or cycling data) restored access to their phone number, as the affected Google Fi customer also noted.
One common thread throughout these Mint Mobile stories as well as the Google Fi case was Coinbase, a crypto wallet app that was targeted as a part of the attack.
The other common thread is the timing, which was right in line with the larger T-Mobile data breach that the carrier disclosed on January 19. That breach was said to affect up to 37 million customers, but T-Mobile, and also Google, have said that personal data was not accessed. Like Google Fi, Mint Mobile relies on T-Mobile for its network coverage.
Mint Mobile has yet to publicly comment on these reports, and was unable to provide a statement for this story.
If you are a customer on Mint Mobile, T-Mobile, or Google Fi who experienced a similar situation around this data breach, please get in contact with 9to5Google.
FTC: We use income earning auto affiliate links. More.