The Google Fi telecommunications service has informed customers about a data breach that appears to be related to the recently disclosed T-Mobile cyberattack. Google Fi, which provides wireless phone and internet services, has told customers that the breach is related to its primary network provider, without naming it. T-Mobile is Google Fi's primary network provider, which means the incident is likely related to the hacker attack disclosed by the wireless carrier in mid-January. Google Fi said there had been unauthorized access to a third-party customer support system containing a "Limited amount" of customer data. This data includes phone number, account activation date, mobile service plan, SIM card serial number, and account status. The company says names, dates of birth, email addresses, payment card details, social security numbers, financial account information, passwords or PINs were not exposed. Hackers also did not gain access to the content of calls or SMS messages. "There was no access to Google's systems or any systems overseen by Google," customers were told. Most of the impacted customers do not need to take any action - except be on the lookout for phishing attempts. One Google Fi user reported on Reddit that their notification also informed them that their mobile phone service had been transferred from their SIM card to another SIM card for nearly two hours on January 1. The notification from Google Fi, according to the impacted customer, read, "During the time of this temporary transfer, the unauthorized access could have involved the use of your phone number to send and receive phone calls and text messages. Despite the SIM transfer, your voicemail could not have been accessed. We have restored Google Fi service to your SIM card." The customer confirmed that their SIM card had been targeted in a SIM swapping attack on January 1, and claimed that the hacker used it to access three online accounts, including email, financial account, and the Authy authenticator app. "I tried reporting this repeatedly to Google Fi, including with detailed evidence, and their customer support reps didn't believe me and didn't follow up," the customer said. "They thought this was a standard password compromise or something, even though I could clearly see from activity logs that the hacker reset my passwords rather than logging in and then changing them, and I could see in the Google Fi activity logs the SMSes I didn't receive that they used to compromise my accounts." As for T-Mobile, the company said it detected a data breach on January 5. The threat actor, which has not been identified, apparently abused an API to access customer account data such as name, billing address, phone number, email, date of birth, and service information. Roughly 37 million current postpaid and prepaid customer accounts are impacted.
This Cyber News was published on www.securityweek.com. Publication date: Wed, 01 Feb 2023 12:46:03 +0000