Security News > 2023 > February > Google Fi data breach let hackers carry out SIM swap attacks
Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks.
Google sent notices of a data breach to Google Fi customers this week, informing them that the incident exposed their phone numbers, SIM card serial numbers, account status, account activation date, and mobile service plan details.
The exposed technical SIM data allowed threat actors to conduct SIM swap attacks on some Google Fi customers, with one customer reporting that the hackers gaining access to their Authy MFA account.
As the Google Fi data breach includes phone numbers, which can easily be linked to a customer's name, and the serial number of SIM cards, it would have made it even more convincing when contacting a mobile customer support representative.
Google sent a separate notice to customers impacted by SIM swap attacks, disclosing that the attackers managed to port their numbers to another SIM for a short time.
"On January 1, 2023, for about 1 hour 48 minutes, your mobile phone service was transferred from your SIM card to another SIM card. During the time of this temporary transfer, the unauthorized access could have involved the use of your phone number to send and receive phone calls and text messages. Despite the SIM transfer, your voicemail could not have been accessed. We have restored Google Fi service to your SIM card." - Google.
News URL
Related news
- Hacker claims Giant Tiger data breach, leaks 2.8M records online (source)
- Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks (source)
- 20 million Cutout.Pro user records leaked on data breach forum (source)
- Golden Corral restaurant chain data breach impacts 183,000 people (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- American Express credit cards exposed in vendor data breach (source)
- American Express credit cards exposed in third-party data breach (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)