[deleted]
Mint Mobile discloses new data breach exposing customer data
Submitted 1 year ago by return2ozma@lemmy.world to technology@lemmy.world
Comments
beckerist@lemmy.world 1 year ago
atmur@lemmy.world 1 year ago
Also probably password hashes.
The company did not make it clear from this statement if hashed passwords were accessed by the attacker.
I don’t expect good news if they chose not to share that detail.
Chozo@kbin.social 1 year ago
I'm pretty sure they're required to disclose that, and since they're already publicly admitting to some breaches, I doubt they'd be trying to hide parts of it while they're already likely being looked into.
It sounds like the data that was gathered is the sort of data that a customer support rep should have access to. They typically can only see pertinent details like what is necessary to verify a customer's identity and their device details, which lines up with what was mentioned in the disclosure. I imagine some CSR probably got their work account phished or something.
Passwords are probably just fine, from the looks of things.
Billy_Gnosis@lemmy.world 1 year ago
All that the email I received from them said was that they fixed the problem and there was nothing further I needed to do.
JJROKCZ@lemmy.world 1 year ago
They are required to disclose if that happened or they believe it happened. If they’re not saying it happened then they believe the password are fine at the time of announcement
atmur@lemmy.world 1 year ago
I jumped ship to another carrier right after they were bought out by T-Mobile and I’ve dodged price hikes and now data breaches. T-Mobile just ruins everything they touch.
essteeyou@lemmy.world 1 year ago
Price hikes? I just renewed for $250 for a year. I don’t remember the exact price I paid the year before, but $250 is still incredibly cheap compared to most, isn’t it?
criticon@lemmy.ca 1 year ago
My wife has been with Mint for 5 years now and there have not been any increases to her plan, on the contrary, they increased the data allowance in her tier
atmur@lemmy.world 1 year ago
Hmm, I think I might be mistaken on that then. I remember them announcing that they were nixing the $15 plan (which a couple of my family members were on), but it’s still there. Maybe they reverted it, or it was just Reddit spreading nonsense information. I’ll edit my comment.
wreckedcarzz@lemmy.world 1 year ago
Eh, I have my folks on t-mo’s $15/each for 3.5gb/unl/unl plan. My second line is with tello for $6/mo. $25/mo is cheap compared to my at&t postpaid plan (phone + laptop + watch for ~$130 out the door), but if I wasn’t going for features, I’d be right there with them for the $15 plan. I’d even go both lines from tello, but the difference between tmo qci6 and qci7 is brutal in my area, and often means data becomes completely unusable during the day. Over-subscribed towers.
pi3r8@lemmy.world 1 year ago
What makes you so sure they didn’t retain your data?
atmur@lemmy.world 1 year ago
There’s chance they did, but I didn’t get any kind of announcement email about it. I also used an email alias for my old Mint account, so if I suddenly start getting spam emails to that address, I’ll have my answer, lol
Raiderkev@lemmy.world 1 year ago
Fuckin great. I ran out of hotspot like a month ago while working remotely on a road trip. I needed hotspot right then /there, and my phone is on a family plan. Increasing my hotspot data meant I had to do it for the whole family plan and pay almost double the amount on the monthly bill. I thought I outsmarted the system by getting a mint mobile 3 month subscription for like $40 to just use for that trip… Aaaaaand my data’s been breached… Cool…
GhostMatter@lemmy.ca 1 year ago
The screenshot in the article said the reach was a few months old, last July.
01189998819991197253@infosec.pub 1 year ago
When the merger was first announced, my friend sent me a link to the Ryan Reynolds video of the announcement. I sent him back, “cute vid. I sense a breach in our future lol”
I guess that ‘lol’ wasn’t necessary…
postmateDumbass@lemmy.world 1 year ago
I guess that ‘lol’ wasn’t necessary…
Everyone deals with pain differently
RandomVideos@programming.dev 1 year ago
The mint for desktop is much better than the mint for mobile
chili1553@lemmy.world 1 year ago
I use Arch, btw
jordanlund@lemmy.world 1 year ago
“Once they gain access to the number, they can try to access the user’s online accounts by performing password resets and receiving the OTP codes to get past multi-factor authentication.”
Mint - “Can’t bypass multi-factor authentication when you never implemented multi-factor authentication!”
Taztrophe@kbin.social 1 year ago
Not sure when they added it but immediately after seeing this post I hit my account to change my password and confirmed Mint does offer 2FA using auth apps (I used Google Authenticator) so I activated it.
I expect this to replace the SMS codes they'd been sending me before and hopefully prevent what you're describing.
Would be nice if these big firms would stop serving us the breach du jour.
0110010001100010@lemmy.world 1 year ago
Is it just me or has 2023 been the year of the data breach? Maybe they are just larger or more widely reported. Just seems like there have been a fuck-ton of them this past year.
CaptainSpaceman@lemmy.world 1 year ago
Hackers-for-hire on the darkweb is big business these days
0110010001100010@lemmy.world 1 year ago
While true, I’m not convinced that fully explains it. Having been in IT nearly 2 decades I feel like the second piece is cybersecurity budgets getting slashed. A lot of them have been super-basic shit like someone clicking on a malicious link.
sbv@sh.itjust.works 1 year ago
I bet 2024 will have more. More stuff is online and we don’t seem to be getting any better at securing it.
0110010001100010@lemmy.world 1 year ago
I don’t think the problem is “we” securing things (we being cybersecurity professionals). I think the problem is companies seeing that it’s cheaper to take the PR hit, pay the ransom, pay for cybersecurity insurance, etc than it is to pay for a properly secured network.
Cybersecurity is hard (citation needed) and costs a lot of money (citation needed). If a company figures it’s cheaper to have a breach and deal with the fallout than it is to properly secure shit I can promise you what will happen.
As always, follow the $$$.
knobbysideup@sh.itjust.works 1 year ago
Profit > Security. These companies don’t care so long as the consequences don’t affect profit significantly enough. Infosec is always an afterthought, if considered at all.
random65837@lemmy.world 1 year ago
Stupidest thing I’ve ever heard, you’ve clearly never worked for a company that’s dealt with a customer info data breach. It costs them massive amounts of money to clean them up, pay for identity protection (never take that) and the PR alone costs them more in the end.
glacier@lemmy.blahaj.zone 1 year ago
I switched to US Mobile a couple months ago and it has been a much better experience.
QuarterSwede@lemmy.world 1 year ago
Hadn’t heard of them. Too bad their plans are complicated.
Dudewitbow@lemmy.zip 1 year ago
I got off mint last month so at the very least they cant port my number off when the number is no longer with them anymore.
ahriboy@lemmy.dbzer0.com 1 year ago
Shit. My American Aunt and her family uses T-Mobile Family Plan.
random65837@lemmy.world 1 year ago
TMO is breached yearly, Mint customers and TMO customers aren’t the same thing, Mint is TMO’s customer, not the individuals. Not the same databases. In the end, Mint doesn’t have half the data on it’s customers that actual TMO does on theirs.
martinb@lemmy.sdf.org 1 year ago
I thought they meant Linux Mint, the Debian derivative. Very confused until I read the comments… perhaps I should read the article 😳
time_lord@lemmy.world 1 year ago
If I never got the email, does that mean I wasn’t effected?
Extrasvhx9he@lemmy.today 1 year ago
Fuck
Unaware7013@kbin.social 1 year ago
Edit 2: they made it a pain in the ass to change your password apparently now they favor only 20 characters max (rip my 35 character password).
That just screams they're not storing passwords properly. If you're salt+hashing your passwords, they could throw Hamlet into the password field and the only limit is how big the text entry field can be. The output is a fixed length string, so I put length should be immaterial.
TornadoRex@lemmy.world 1 year ago
T-Mobile owned companies and data breaches. Can you name a better duo?
Chozo@kbin.social 1 year ago
I feel like Target has to be giving T-Mobile a run for their money in this field. It seems like I'm reading about a new Target data breach at least every other year.
01189998819991197253@infosec.pub 1 year ago
Still a better love story than Twilight?
GladiusB@lemmy.world 1 year ago
Vampires and not Twilight?