Low-price phone carrier Mint Mobile has revealed that it suffered a data breach recently. The breach allowed the attacker to port a number of Mint Mobil customer phone numbers over to another carrier and possibly allowed access to subscriber data.
The carrier, famously owned by “Deadpool” actor Ryan Reynolds, sent an email on Saturday to customers affected by the breach of the carrier’s systems. The breach, which took place during the June 8 to June 10 timespan, affected a “very small number” of Mint Mobile subscribers’ phone numbers.
Mint says phone numbers associated with the accounts were “temporarily ported to another carrier without permission,” Bleeping Computer reports that Mint Mobile admitted that an unauthorized person also potentially accessed subscribers’ personal information, including call history, names, addresses, emails, and passwords.
“While we immediately took steps to reverse the process and restore your service, an unauthorized individual potentially gained access to some of your information, which may have included your name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number, and subscription features.”
While Mint did not disclose how the breach took place, it is likely that hackers hacked user accounts or compromised a Mint Mobile application used to manage customers. A similar attack hit USCellular in January after threat actors scammed employees into download software that provided remote access to the company’s devices. The hackers then used customer relationship management software to access USCellular subscribers’ personal information and port their numbers.
The carrier advises customers to change their account passwords and to keep an eye on other accounts that may use the phone number for two-factor authentication purposes.