Skip to main content

Mint Mobile customers need to check their passwords following major data breach

Mint Mobile owner who owns
(Image credit: Future)

Unauthorized users gained access to the account information of the subscribers of US telecom provider Mint Mobile.

According to a data breach notification email sent to the affected subscribers, initially shared on Reddit, the threat actor ported the phone numbers for a "small" number of Mint Mobile subscribers to another carrier.

"Between June 8, 2021 and June 10, 2021, a very small number of Mint Mobile subscribers' phone numbers, including yours, were temporarily ported to another carrier without permission," read the purported email from the company, which is famously backed by Hollywood superstar Ryan Reynolds.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window <<

The note adds that in addition to porting the numbers, the breach also “potentially” led to the exposure of subscribers' personal information, including call history, names, addresses, emails, and passwords.

Two-factor breach

In the breach notification email, Mint Mobile notes that it immediately took steps to reverse the process and restore the service of affected customers.

Although Mint Mobile hasn’t shared details about how the threat actor was able to access the subscribers' details, based on the accessed data Bleeping Computer speculates that the breach was the result of either a poorly protected user account or by compromising a Mint Mobile application used for managing customers.

However, since the numbers were ported, they could have been used to receive two-factor authentication (2FA) codes, further compromising the integrity of the affected customers. In light of this, Mint Mobile is urging users to change the password of all their accounts that are tied to their Mint Mobile phone numbers.

Mint Mobile has not yet responded to requests seeking confirmation of the breach.

Via Bleeping Computer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.