US Cellular Operator Google Fi claimed that one of its main network providers had customer personal data leaked, and some users reported SIM spoofing attacks (SIM SwappingSIM swapping).

Google sent Google Fi to customers notifications about the data breach, informing them that the incident revealed:

• phone numbers;
• serial numbers of SIM cards;
• account status (active or inactive);
• date of activation of the account;
• information about the tariff plan of mobile communication.

Google clarified that the hacked systems do not contain sensitive data such as full names, email addresses, payment card details, social security numbers (SSN), TIN (TIN), identity cards (ID), account passwords or SMS texts and records phone calls.

Google confirmed the fact of unauthorized access and said that it is investigating the incident and is working to protect data. The company also clarified that Google systems are not affected. Although Google did not mention who was the main provider of the hacked network, experts believe that it was T-Mobile, however, Google did not comment on this.

Recall that there was a recent data breach T-Mobile API, which exposed the personal information of approximately 37 million subscribers.

Data leak led to number theft

Exposed SIM serial numbers have allowed attackers to carry out SIM Swapping attacks on some Google Fi clients, with one client reporting that hackers stole 3 accounts from him, gaining access to his Authy two-factor authentication app account 2FA.

Google told affected customers that the cybercriminals were able to transfer victim numbers to their SIM cards for a while. During this time, the number could be used to send and receive calls and SMS. However, the voice mail of the subscribers was not hacked. The company has already restored the Google Fi service on the affected SIM cards.

One client told on the reddit forum that hackers took over his email, banking app accounts, and Authy real-time authentication app accounts.

After hacking the Authy two-factor authentication app, it becomes much easier for hackers to hack into other accounts, especially if they were registered using a phone number. The user also said that he contacted Google Fi support to stop the account hijacking, but the support ignored him.