Security News > 2023 > February > Google Fi data breach let hackers carry out SIM swap attacks

Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks.

Google sent notices of a data breach to Google Fi customers this week, informing them that the incident exposed their phone numbers, SIM card serial numbers, account status, account activation date, and mobile service plan details.

The exposed technical SIM data allowed threat actors to conduct SIM swap attacks on some Google Fi customers, with one customer reporting that the hackers gaining access to their Authy MFA account.

As the Google Fi data breach includes phone numbers, which can easily be linked to a customer's name, and the serial number of SIM cards, it would have made it even more convincing when contacting a mobile customer support representative.

Google sent a separate notice to customers impacted by SIM swap attacks, disclosing that the attackers managed to port their numbers to another SIM for a short time.

"On January 1, 2023, for about 1 hour 48 minutes, your mobile phone service was transferred from your SIM card to another SIM card. During the time of this temporary transfer, the unauthorized access could have involved the use of your phone number to send and receive phone calls and text messages. Despite the SIM transfer, your voicemail could not have been accessed. We have restored Google Fi service to your SIM card." - Google.

News URL

https://www.bleepingcomputer.com/news/security/google-fi-data-breach-let-hackers-carry-out-sim-swap-attacks/