Google Fi warns customers that their data has been compromised - Engadget

Google has notified customers of its Fi mobile virtual web relation (MVNO) work that hackers were capable to entree immoderate of their information, according to TechCrunch. The tech elephantine said the atrocious actors infiltrated a third-party strategy utilized for lawsuit enactment astatine Fi's superior web provider. While Google didn't sanction the supplier outright, Fi relies connected US Cellular and T-Mobile for connectivity. If you'll recall, the second admitted successful mid-January that hackers had been taking information from its systems since November past year.

T-Mobile said the attackers got distant with the accusation of astir 37 cardinal postpaid and prepaid customers earlier it discovered and contained the issue. Back then, the bearer insisted that nary passwords, outgo accusation and societal information numbers were stolen. Google Fi is saying the aforesaid thing, adding that nary PINs oregon substance message/call contents were taken, arsenic well. The hackers lone seemingly had entree to users' telephone numbers, relationship status, SMS paper serial numbers and immoderate work program information, similar planetary roaming. 

Google reportedly told astir users that they didn't person to bash thing and that it's inactive moving with Fi's web supplier to "identify and instrumentality measures to unafraid the information connected that third-party strategy and notify everyone perchance impacted." That said, astatine slightest 1 lawsuit claimed having much superior issues than astir due to the fact that of the breach. They shared a portion of Google's expected email to them on Reddit, telling them that that their "mobile telephone work was transferred from [their] SIM paper to different SIM card" for astir 2 hours connected January 1st. 

The lawsuit said they received password reset notifications from Outlook, their crypto wallet relationship and two-factor authenticator Authy that day. They sent logs to 9to5Google to beryllium that the attackers had utilized their fig to person substance messages that allowed them to entree those accounts. Based connected their Fi substance history, the atrocious actors started resetting passwords and requesting two-factor authentication codes via SMS wrong 1 infinitesimal of transferring their SIM card. The lawsuit was reportedly lone capable regain power of their accounts aft turning web entree connected their iPhone disconnected and backmost on, though it's unclear if that's what solved the issue. We've reached retired to Google for a connection regarding the customers' SIM swapping assertion and volition update this station erstwhile we perceive back.