Skip to content

Mint Mobile has revealed that the company suffered a security incident that compromised the personal information of its customers. This news has understandably caused concern among Mint Mobile users, who are advised to take necessary precautions to safeguard their data and monitor their accounts for suspicious activity. 

Mint is a budget-friendly mobile virtual network operator (MVNO) that provides pre-paid mobile plans.

Mint Mobile notified its customers on December 22, 2023, about the security incident via emails titled “Important information regarding your account.” The email warns the customers that an unauthorized actor has obtained some limited types of customer information.

What Was Exposed in the Mint Mobile Data Breach?

The following customer information was exposed in the Mint Mobile security breach:

Affected Customer Names

Phone Numbers

Email Addresses

SIM Serial Numbers

IMEI Numbers (a device identifier similar to a serial number)

and Brief Descriptions of the Purchased Service Plans.

The company stated that they don’t store credit card numbers and protect passwords, so the incident didn’t compromise them.

Mint Mobile Display in Target. Credit: https://www.reddit.com/media?url=https%3A%2F%2Fi.redd.it%2Fsd2svhe0vqt61.jpg
Mint Mobile endcap display in Target, featuring Prepaid Wireless.

Risks Associated with the Mint Mobile Data Breach

The exposed data is concerning, as it is enough information for a threat actor to conduct SIM-swapping attacks. In SIM swapping, the attacker ports a person’s number to their own device and gains access to the affected customer’s online accounts by performing password resets and receiving the OTP codes to get past multi-factor authentication.

Threat actors commonly use this technique to breach accounts at cryptocurrency exchanges, stealing all assets stored in the online wallet. Mint Mobile customers should immediately secure their funds and prevent unauthorized access. 

How Is Mint Mobile Addressing Data Breach?

Mint Mobile announced the data breach is now resolved. Customers can call customer support at 949-704-1162 with any questions. The Reddit moderator of Mint has confirmed that they set up this number to handle questions about the data breach.

“If you received a notice via email from noreply@account.mintmobile.com on December 22, 2023, it is from Mint Mobile and is not a scam. The Customer Care number was setup to handle specific questions about this communication,” explained a Mint Reddit User.

In July 2023, the FalconFeeds threat intel service reported that a threat actor attempted to sell data on a hacking forum, but Mint has not revealed further information.

Hacker selling Mint Mobile on Reddit could be cause of Mint Mobile Data Breach Source: FalconFeeds.io
Hacker selling Mint Mobile and Ultra Mobile data
Source: FalconFeeds.io + Bleeping Computer

The threat actor claimed that the information is a few months old. However, they provided the last four numbers of customers’ credit cards. Whether this is related to the publicly announced breach is uncertain.

Protect Your Mint Mobile Data From Future Breach

The Mint Mobile data breach highlights the need to safeguard personal information and be vigilant for potential risks. Customers should monitor their accounts closely, change their passwords, enable multifactor authentication, and be cautious of suspicious emails or calls. Taking proactive measures to protect one’s digital identity and prevent any unauthorized access is essential.

Worried about Mint Mobile data breach? Keep your business secure by partnering with AtNetPlus. Our proactive Managed IT and Security Services can help prevent data breaches and protect your critical assets from unauthorized access. Contact us today to schedule a consultation and learn how we can keep your Northeast Ohio business secure in the digital world.

Sources: