Google Fi Data Breach Reportedly Led to SIM Swapping

The Google Fi telecommunications service has informed customers about a data breach that appears to be related to the recently disclosed T-Mobile cyberattack. Google Fi, which provides wireless phone and internet services, has told customers that the breach is related to its primary network provider, without naming it. T-Mobile is Google Fi's primary network provider, which means the incident is likely related to the hacker attack disclosed by the wireless carrier in mid-January. Google Fi said there had been unauthorized access to a third-party customer support system containing a "Limited amount" of customer data. This data includes phone number, account activation date, mobile service plan, SIM card serial number, and account status. The company says names, dates of birth, email addresses, payment card details, social security numbers, financial account information, passwords or PINs were not exposed. Hackers also did not gain access to the content of calls or SMS messages. "There was no access to Google's systems or any systems overseen by Google," customers were told. Most of the impacted customers do not need to take any action - except be on the lookout for phishing attempts. One Google Fi user reported on Reddit that their notification also informed them that their mobile phone service had been transferred from their SIM card to another SIM card for nearly two hours on January 1. The notification from Google Fi, according to the impacted customer, read, "During the time of this temporary transfer, the unauthorized access could have involved the use of your phone number to send and receive phone calls and text messages. Despite the SIM transfer, your voicemail could not have been accessed. We have restored Google Fi service to your SIM card." The customer confirmed that their SIM card had been targeted in a SIM swapping attack on January 1, and claimed that the hacker used it to access three online accounts, including email, financial account, and the Authy authenticator app. "I tried reporting this repeatedly to Google Fi, including with detailed evidence, and their customer support reps didn't believe me and didn't follow up," the customer said. "They thought this was a standard password compromise or something, even though I could clearly see from activity logs that the hacker reset my passwords rather than logging in and then changing them, and I could see in the Google Fi activity logs the SMSes I didn't receive that they used to compromise my accounts." As for T-Mobile, the company said it detected a data breach on January 5. The threat actor, which has not been identified, apparently abused an API to access customer account data such as name, billing address, phone number, email, date of birth, and service information. Roughly 37 million current postpaid and prepaid customer accounts are impacted.

This Cyber News was published on www.securityweek.com. Publication date: Wed, 01 Feb 2023 12:46:03 +0000


Cyber News related to Google Fi Data Breach Reportedly Led to SIM Swapping

FCC adopts new rules to protect consumers from SIM-swapping attacks - The Federal Communications Commission has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out fraud. FCC's Privacy and Data Protection Task Force introduced the new regulations in ...
10 months ago Bleepingcomputer.com
Store manager admits SIM swapping his customers - A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target's cell phone number and re-routing it to a phone ...
6 months ago Malwarebytes.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
4 days ago Aws.amazon.com
Google Fi Data Breach Reportedly Led to SIM Swapping - The Google Fi telecommunications service has informed customers about a data breach that appears to be related to the recently disclosed T-Mobile cyberattack. Google Fi, which provides wireless phone and internet services, has told customers that the ...
1 year ago Securityweek.com
T-Mobile, Verizon workers get texts offering $300 for SIM swaps - Criminals are now texting T-Mobile and Verizon employees on their personal and work phones, trying to tempt them with cash to perform SIM swaps. The targeted employees have shared screenshots of messages offering $300 to those willing to aid the ...
5 months ago Bleepingcomputer.com
FCC Warns Carriers to Protect Customers Against SIM Swaps - A month after issuing new rules to push back against SIM-swap and similar schemes, the Federal Communications Commission is warning mobile phone service providers of their obligations to protect consumers against the growing threat. SIM swapping - ...
9 months ago Securityboulevard.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
9 months ago Securityboulevard.com
Google Fi User Data Breached Through T-Mobile Hack - According to Google Fi's email sent to its customers on Monday, a limited amount of their customer data was exposed in T-Mobile's breach after suspicious activity was noted in a system that contained Google Fi's customer data. Google Fi, Google's ...
1 year ago Hackread.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
7 months ago Securityzap.com
eSIM Vulnerabilities: SIM Swappers Exploit Flaws, Hijack Phone Numbers - According to a new report, SIM-swapping crimes are rising worldwide, mainly committed by eSIM users. eSIMs are digitally stored SIM cards that are embedded using software into devices. As a result, hackers are now attempting to exploit ...
6 months ago Cysecurity.news
SIM swapper gets 8 years in prison for account hacks, crypto theft - Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to pay $1.2 million in restitution for crimes involving SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency ...
10 months ago Bleepingcomputer.com
Cybercriminals Could Perform SIM Card Swapping Scams - Google Fi customers were recently informed that their personal data had been exposed due to a data breach at one of its primary network providers. Google Fi, formerly known as Project Fi, is a telecommunications service that provides telephone calls, ...
1 year ago Cybersecuritynews.com
SEC confirms X account was hacked in SIM swapping attack - The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Earlier this month, the SEC's X account was hacked to issue a fake ...
8 months ago Bleepingcomputer.com
Threat Actors Gained Access to Google Fi Customers' Information - Google Fi, the cell network provider of Google, recently confirmed a data breach. It is likely that the incident is related to the recent T-Mobile security incident, which allowed threat actors to steal the information of millions of customers. Based ...
1 year ago Heimdalsecurity.com
Google Removes Foreign eSIM Apps Airola and Holafly from PlayStore - Google has removed Airola and Holafly from its PlayStore for Indian users due to their sale of international SIM cards without the necessary authorizations. The decision came from the department of telecommunications, which also contacted internet ...
8 months ago Cysecurity.news
Mint Mobile discloses new data breach exposing customer data - Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. Mint is a mobile virtual network operator owned by T-Mobile, offering budget, pre-paid ...
9 months ago Bleepingcomputer.com
- In the contemporary landscape dominated by digital interconnectedness, the escalating menace of cybercrime has assumed unprecedented proportions. The latest threat on the horizon is the insidious 'SIM Swap' scam, an advanced scheme exploiting ...
9 months ago Cysecurity.news
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
5 months ago Techrepublic.com
Goto Customers Backup Data Breach: Protect Your Business and Handle Data Breach Risks - A data breach at Goto customers exposed their backup data to malicious actors, leading to a data breach that impacted those customers. Businesses need to be aware of the risks associated with data breaches and how to protect their organisations from ...
1 year ago Securityaffairs.com
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
7 months ago Bleepingcomputer.com
Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
8 months ago Cysecurity.news
Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
10 months ago Bleepingcomputer.com
How Can Data Breach Be A Trouble For Your Industry? - To navigate an era of cyber risks, this unsettling reality necessitates a renewed focus on data integrity protection and digital asset protection. In this blog, we will discuss a data breach in the Hospitality industry. Some of the companies like MGM ...
9 months ago Securityboulevard.com
Arrests in $400M SIM-Swap Tied to Heist at FTX? - Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct ...
8 months ago Krebsonsecurity.com
AvidXchange Notifies Consumers of Data Breach Following Period of Unauthorized Access - On October 13, 2023, AvidXchange, Inc. filed a notice of data breach with the Attorney General of Massachusetts after discovering that a recent cybersecurity event resulted in an unauthorized party being able to access the company's IT network. In ...
10 months ago Jdsupra.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)