Google Fi customers were recently informed that their personal data had been exposed due to a data breach at one of its primary network providers. Google Fi, formerly known as Project Fi, is a telecommunications service that provides telephone calls, SMS, and mobile broadband using cellular networks and Wi-Fi. The data breach compromised phone numbers, SIM card serial numbers, account status, account activation date, and information about mobile service plans. However, no sensitive information such as full names, email addresses, payment card numbers, SSNs, tax IDs, government IDs, account passwords, or call and SMS contents were exposed. Google Fi uses networks operated by T-Mobile and U.S. Cellular, but the company has not identified the network provider responsible for the hack. T-Mobile recently disclosed another vulnerability that allowed a malicious actor to access the information of about 37 million customers through an API. This breach has highlighted the risks of subcontracting services to third parties. As a result of the exposed technical SIM data, some Google Fi customers were targeted by SIM swapping attacks. The hackers were able to gain access to the victims' Authy MFA accounts and temporarily transfer their phone numbers to another SIM card. Google Fi customers affected by the SIM swap attacks received a separate notification from Google that their voicemail could not have been accessed. One customer posted about his experience on Reddit, describing how his email, financial, and Authy authenticator app accounts were all taken over in real-time.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 03 Feb 2023 09:42:02 +0000